Security Intel Hub 27403+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 4.3
peachpay-for-woocommerce Plugin Insufficient Input Validation Leading to SQL/Command Injection
plugins.trac.wordpress.org · 2026-05-28

### Vulnerability Overview The screenshot of this webpage displays the source code of a WordPress plugin named “peachpay-for-woocommerce.” The file contains a potential security vulnerability, specifi…

CVSS 7.0
RPM rpmuncompress Command Injection Vulnerability (CVE-2026-44604) Analysis and POC
bugzilla.redhat.com · 2026-05-28

### Vulnerability Overview - **Vulnerability Name**: Bug 2460967 (CVE-2026-44604) - **Vulnerability Type**: Command Injection - **Description**: Arbitrary shell commands are executed via the `popen()`…

CVSS 4.3
WordPress AR_TRYON Plugin API Unauthorized Access & Input Validation Vulnerability with Patch
plugins.trac.wordpress.org · 2026-05-28

### Vulnerability Overview The webpage screenshot displays a code file from a WordPress plugin directory, specifically `AR_TRY_ON_Api_Routes.php`. This file contains a potential security vulnerability…

CVSS 4.3
WordPress AR_TRY_ON Plugin REST API Unauthorized Access Vulnerability
plugins.trac.wordpress.org · 2026-05-28

### Vulnerability Overview The provided web page screenshot displays a file named `AR_TRY_ON_Api_Routes.php`, which contains a potential vulnerability. The vulnerability primarily concerns the registr…

CVSS 4.3
WordPress AR_TRY_ON Plugin RCE/Info Disclosure Vulnerability Analysis
plugins.trac.wordpress.org · 2026-05-28

### Vulnerability Overview The webpage screenshot displays the source code file `AR_TRY_ON_Api_Routes.php` of a WordPress plugin named `AR_TRY_ON`. A potential security vulnerability exists within the…

CVSS 4.3
WordPress Plugin AR-VR-3D-model-try-on Potential Injection Vulnerability Analysis
plugins.trac.wordpress.org · 2026-05-28

### Vulnerability Overview The provided webpage screenshot displays the source code file `AR_TRY_ON_Api_Routes.php` of a WordPress plugin named `AR-VR-3D-model-try-on`. The file contains a potential s…

CVSS 4.3
AR_TRY_ON_API REST API Unauthorized Access Vulnerability Analysis
plugins.trac.wordpress.org · 2026-05-28

### Vulnerability Overview The web screenshot displays a file named `AR_TRY_ON_API_Routes.php`, which contains a potential vulnerability. The vulnerability primarily concerns the registration and mana…

Ubuntu USN-8339-1: OpenJDK 25 Multiple CVEs Security Update
ubuntu.com · 2026-05-28

### Vulnerability Overview - **Vulnerability ID**: USN-8339-1 - **Release Date**: May 28, 2026 - **Description**: Multiple security vulnerabilities exist in various components of OpenJDK 25, specifica…

CVSS 4.3
EDD Square Gateway OAuth Redirect Permission Bypass Fix
plugins.trac.wordpress.org · 2026-05-28

### Vulnerability Overview The provided webpage screenshot displays a file named `Connection.php`, which belongs to the `Gateways/Square` module of the `easy-digital-downloads` plugin. The file contai…

CVSS 4.3
Easy Digital Downloads Square Gateway Permission Bypass Vulnerability
plugins.trac.wordpress.org · 2026-05-28

### Vulnerability Overview The screenshot shows a file named `Connection.php`, which belongs to the `Gateways/Square` module of the `easy-digital-downloads` plugin. A potential security vulnerability …

CVSS 6.5
WordPress Plugin Meta Field Block 1.5.3 Object ID Injection Vulnerability Analysis
plugins.trac.wordpress.org · 2026-05-28

### Vulnerability Overview The attached screenshot displays the source code for the `meta-field-block.php` file of the WordPress plugin "Meta Field Block." A potential security vulnerability exists wi…

CVSS 6.8
json-2-csv v5.5.10 CSV Injection Bypass Analysis and PoC
gist.github.com · 2026-05-28

### CSV Injection Vulnerability Summary #### Vulnerability Overview - **Library Name**: json-2-csv - **Version**: 5.5.10 - **Vulnerability Type**: CSV Injection Bypass - **Severity**: HIGH - **Date**:…

CVSS 6.8
json2csv CSV Injection Vulnerability Fix Details and Test Cases
github.com · 2026-05-28

### Vulnerability Overview This vulnerability involves CSV injection in the `json2csv` library. When the `preventCsvInjection` option is set to `true`, the library fails to correctly prevent CSV injec…

CVSS 4.9
Keycloak CVE-2026-9801 LDAP DoS via OutOfMemoryError
bugzilla.redhat.com · 2026-05-28

### Vulnerability Overview - **Vulnerability Name**: CVE-2026-9801 - **Vulnerability Description**: A vulnerability has been discovered in Keycloak. A remote attacker (such as a realm administrator co…

CVSS 4.3
Keycloak CIBA Flow Brute-force Protection Bypass Vulnerability (CVE-2026-9798) Advisory
bugzilla.redhat.com · 2026-05-28

### Vulnerability Overview - **Bug ID**: Bug 2482470 (CVE-2026-9798) - **Vulnerability Name**: Keycloak: Brute-force protection bypass in CIBA flow - **Status**: NEW - **Product**: Security Response -…

CVSS 5.3
CVE-2026-9803: Keycloak Denial of Service via malformed Authorization header
bugzilla.redhat.com · 2026-05-28

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-9803 - **Vulnerability Name**: Keycloak: Denial of Service via malformed Authorization header - **Status**: NEW - **Reported Date**: 2026-05…

CVSS 6.8
Keycloak: Unauthorized account access via replayed refresh tokens (CVE-2026-9802)
bugzilla.redhat.com · 2026-05-28

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-9802 - **Vulnerability Name**: Keycloak: Unauthorized account access via replayed refresh tokens after cluster restart - **Status**: NEW - *…

CVSS 6.4
WordPress LiveSmart Plugin XSS Fix Escaping Variables
plugins.trac.wordpress.org · 2026-05-28

### Vulnerability Overview - **Description**: Addresses security vulnerabilities in WordPress 7.0. - **Timestamp**: May 20, 2024, at 12:32:48 PM (8 days ago) - **Author**: rhudjmitrov - **Location**: …

CVSS 4.8
IBM WebSphere DoS Vulnerability (CVE-2026-4410) Advisory
www.ibm.com · 2026-05-28

### Vulnerability Overview IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a Denial of Service vulnerability (CVE-2026-4410). This vulnerability occurs in Web…

Ubuntu USN-8338-1: Apache HTTP Server Security Fix (HTTP Response Splitting/DoS)
ubuntu.com · 2026-05-28

### Vulnerability Overview - **Vulnerability ID**: USN-8338-1 - **Publication Date**: 28 May 2026 - **Vulnerability Description**: - The Apache HTTP Server contains an error when processing certain re…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
