Security Intel Hub 28717+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 5.3
CVE-2026-49949: CodexBar Credential Leakage via HTTP Redirect
www.vulncheck.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Credential Leakage in CodexBar < 0.33.0 via HTTP Redirect - **CVE ID**: CVE-2026-49949 - **CWE ID**: CWE-522 Insufficient Protection of Credentials…

CVSS 4.0
CVE-2021-4479: Dräger Atlan A350 Medibus Interface DoS Vulnerability Advisory
www.vulncheck.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Dräger Atlan A350 1.00 <= 1.01 DoS via Medibus Interface - **CVE ID**: CVE-2021-4479 - **CWE ID**: CWE-1286 Improper Validation of Syntactic Correc…

CVSS 8.8
Ghidra < 12.1 Authentication Bypass via Null Signature in PKIAuthenticationModule (CVE-2026-52754)
www.vulncheck.com · 2026-06-13

# Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule ## Vulnerability Overview Versions of Ghidra prior to 12.1 contain an authentication bypass vulnerability in the `…

CVSS 7.5
image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser (CVE-2025-71329)
www.vulncheck.com · 2026-06-13

# image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser ## Vulnerability Overview image-size 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanen…

CVSS 6.5
Hermes WebUI <0.51.269 Profile Isolation Bypass via Session Search (CVE-2026-49956)
www.vulncheck.com · 2026-06-13

# Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search ## Vulnerability Overview Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability. This allows aut…

CVSS 8.8
Hermes WebUI < 0.51.311 RCE via Git Configuration Injection (CVE-2026-49959)
www.vulncheck.com · 2026-06-13

# Hermes WebUI < 0.51.311 RCE via Git Configuration Injection ## Vulnerability Overview Hermes WebUI versions prior to 0.51.311 contain a remote code execution vulnerability. Attackers can execute arb…

CVSS 5.0
Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard (CVE-2026-49958)
www.vulncheck.com · 2026-06-13

# Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard ## Vulnerability Overview Hermes WebUI versions prior to 0.51.303 contain a time-of-check to time-of-use (TOCTOU) race condition vulnera…

CVSS 9.4
Hermes WebUI <0.51.358 Unauthenticated Password Takeover (CVE-2026-49973)
www.vulncheck.com · 2026-06-13

# Hermes WebUI < 0.51.358 Unauthorized Password Takeover Vulnerability ## Overview An improper access control vulnerability exists in Hermes WebUI prior to version 0.51.358, allowing unauthenticated r…

CVSS 7.7
Hermes WebUI < 0.51.296 Workspace Boundary Bypass Leading to Path Traversal (CVE-2026-49957)
www.vulncheck.com · 2026-06-13

# Hermes WebUI < 0.51.296 Workspace Boundary Bypass via api/workspace.py ## Vulnerability Overview Hermes WebUI versions prior to 0.51.296 contain a workspace boundary bypass vulnerability. This vulne…

CVSS 7.5
kafka-python DoS Vulnerability (CVE-2026-10142): Memory Exhaustion via Unvalidated Frame Length
www.vulncheck.com · 2026-06-13

# kafka-python Denial of Service Vulnerability ## Overview Versions of kafka-python prior to 2.3.2 contain a denial of service vulnerability in the protocol parser. A malicious proxy or man-in-the-mid…

CVSS 7.5
kafka-python SCRAM Iteration Count DoS Vulnerability (Pre-Auth)
www.vulncheck.com · 2026-06-13

# SCRAM Iteration Count Denial of Service Vulnerability in kafka-python versions prior to 2.3.2 ## Vulnerability Overview kafka-python versions prior to 2.3.2 contain a denial of service vulnerability…

CVSS 8.8
LimeSurvey Host Header Injection Discloses Password Reset Token (CVE-2026-50635)
www.vulncheck.com · 2026-06-13

# LimeSurvey Password Reset Host Header Injection Discloses Reset Token ## Vulnerability Overview LimeSurvey uses the client-provided HTTP Host header when constructing account password reset links, w…

CVSS 8.8
CVE-2026-50733: Markdown Preview Enhanced Arbitrary Code Execution via WaveDrom
www.vulncheck.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Markdown Preview Enhanced Arbitrary Code Execution via WaveDrom eval() - **CVE ID**: CVE-2026-50733 - **CVSS Score**: 8.6 - **Severity**: High - **…

CVSS 7.2
Lyrion Music Server 9.2.0 Stored XSS Vulnerability (CVE-2026-50232) with POC
www.vulncheck.com · 2026-06-13

# Stored Cross-Site Scripting Vulnerability in Lyrion Music Server 9.2.0 ## Vulnerability Overview Lyrion Music Server 9.2.0 contains a stored cross-site scripting (XSS) vulnerability. Attackers can i…

CVSS 7.2
Lyrion Music Server <= 9.2.0 Unauthenticated Stored XSS (CVE-2026-50231) Advisory
www.vulncheck.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Unauthenticated Stored Cross-Site Scripting (XSS) Vulnerability in Lyrion Music Server 9.2.0 - **CVE ID**: CVE-2026-50231 - **CWE ID**: CWE-79 Imp…

CVSS 8.8
CVE-2026-49493: Arbitrary Code Execution in Markdown Preview Enhanced
www.vulncheck.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Markdown Preview Enhanced: Arbitrary Code Execution via Bitfield `interpretJS()` - **CVE ID**: CVE-2026-49493 - **CWE ID**: CWE-94 Improper Control…

CVSS 8.8
CVE-2026-49492: Markdown Preview Enhanced OS Command Injection Vulnerability Advisory
www.vulncheck.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Markdown Preview Enhanced OS Command Injection in External File and Link Opening - **CVE ID**: CVE-2026-49492 - **CWE ID**: CWE-78 Improper Neutral…

CVSS 8.1
Mem0 0.2.8 Missing Authorization Vulnerability (CVE-2026-49948)
www.vulncheck.com · 2026-06-13

# Mem0 0.2.8 Missing Authorization Vulnerability ## Vulnerability Overview Mem0 version 0.2.8 contains a missing authorization vulnerability, specifically located in the `POST /configure` endpoint. Th…

CVSS 9.8
NetMan 204 Hard-coded Backdoor Credentials RCE via CVE-2025-71317
www.vulncheck.com · 2026-06-13

# NetMan 204 Hard-coded Backdoor Credentials ## Vulnerability Overview NetMan 204 contains a hard-coded backdoor account with the username and password set to `eurek`, which possesses administrative p…

CVSS 7.5
Nginx Proxy Manager Authenticated RCE via OS Injection in setupCertbotPlugins (CVE-2026-40519)
www.vulncheck.com · 2026-06-13

### Vulnerability Overview An authenticated remote code execution (RCE) vulnerability exists in Nginx Proxy Manager versions 2.9.14 through 2.15.1, exploited via OS command injection in the `setupCer…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.