Security Intel Hub 29733+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

HAX CMS <video-player> Stored XSS Vulnerability and POC (JWT Theft)
github.com · 2026-06-13

### Vulnerability Overview A stored Cross-Site Scripting (XSS) vulnerability exists in the `<video-player>` component within HAX CMS. This vulnerability allows attackers to execute arbitrary JavaScript code within …

Unauthenticated Git Access via User-Controlled Key (CVE-2026-40390)
github.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Unauthenticated Git Access via User-Controlled Key - **Vulnerability ID**: GHSA-6434-8trh-w65c - **CVE ID**: CVE-2026-40390 - **Severity**: Moderat…

HaxxMacs: Private Key Disclosure via Broken HMAC allowing Unauth JWT Forgery and Full Admin Access
github.com · 2026-06-13

### Vulnerability Overview **Vulnerability Name**: Private Key Disclosure via Broken HMAC Implementation **Vulnerability Description**: - **Summary**: The `hashHmac64()` function in the HaxxMacs Node.…

CVSS 6.5
CVE-2024-48397: HAXCMS Authenticated LFI via saveOutline API
github.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: haxcms-php Local File Inclusion via saveOutline API Location Parameter v2.0 - **Vulnerability Type**: Authenticated Local File Inclusion (LFI) - **…

HAXcms Git.php OS Command Injection (CVE-2026-6394) Advisory and Fix
github.com · 2026-06-13

### Vulnerability Overview **Vulnerability Name**: Command Injection in Git.php **Vulnerability Type**: OS Command Injection **Severity**: High (7.7 / 10) **CVE ID**: CVE-2026-6394 **CVSS v4 base metr…

HAXCMS PHP File Upload Validation Bypass Leading to RCE (CVE-2026-4500)
github.com · 2026-06-13

### Vulnerability Overview **Vulnerability Name**: File Upload Validation Bypass **Vulnerability ID**: CVE-2026-4500 **Severity**: Critical (CVSS 9.8) **Affected Version**: HAXCMS PHP 11.0.6 **Fixed Versi…

CVSS 6.5
HAX CMS NodeJS DoS Vulnerability via Malicious Import Request in createSite
github.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Denial of Service using Malicious Import Request - **Vulnerability Description**: The HAX CMS NodeJS application crashes when an authenticated user…

CVSS 8.7
Stored XSS in HAXCMS PHP via Case-Sensitivity Mismatch in HTML Upload
github.com · 2026-06-13

### Vulnerability Overview **Title**: Stored XSS via Case-Sensitivity Mismatch in HTML Upload Validation **Description**: - **Summary**: The `savefile` endpoint does not distinguish between uppercase …

CVSS 1.8
Groww Android Unsafe WebView URL Handling & Weak Client-Side App Lock Enforcement Analysis (CVE-2025-5154)
github.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Groww Android Application – Unsafe WebView URL Handling & Weak Client-Side App Lock Enforcement - **CVE ID**: CVE-2025-5154, CVE-2025-6748, CVE-202…

HAX CMS <25.0.0 Authenticated RCE via File Overwrite in .git/config (CVE-2024-40399)
github.com · 2026-06-13

### Vulnerability Overview **Vulnerability Name**: Authenticated Remote Code Execution via File Overwrite **CVE ID**: CVE-2024-40399 **Severity**: Critical (9.4 / 10) **Release Date**: May 13 **Descri…

HAXcms createSite SSRF Vulnerability Advisory and POC
github.com · 2026-06-13

### Vulnerability Overview **HAXcms `createSite` SSRF Enables Arbitrary File Read** - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Description**: The `createSite` endpoint in HAXcms …

CVSS 4.3
OAuth2 redirect_uri Validation Bypass Vulnerability and Fix Analysis
github.com · 2026-06-13

### Vulnerability Overview This vulnerability involves an issue with `redirect_uri` validation in the OAuth2 framework. Specifically, the logic for validating `redirect_uri` contains a flaw, which cou…

Haxcms Stored XSS to Mass Token Exfiltration and Cross-Tenant Hijack (CVE-2024-4911)
github.com · 2026-06-13

### Vulnerability Overview **Mass Token Exfiltration and Cross-Tenant Hijack** - **Description**: This vulnerability leverages Stored XSS and dynamic token exposure to enable cross-tenant account take…

CVSS 6.3
File Upload Path Traversal Fix Analysis: Path.normalize() and Extension Validation
github.com · 2026-06-13

### Vulnerability Overview This vulnerability involves path traversal and filename validation issues within the file upload functionality. An attacker can bypass existing validation mechanisms by craf…

CVSS 6.3
hsweb-framework Path Traversal Vulnerability in File Upload and Fix
github.com · 2026-06-13

# [security] hsweb-framework is affected by a path traversal vulnerability #344 ## Vulnerability Description The file upload functionality in hsweb-framework contains a path traversal vulnerability. A…

CVSS 4.3
OAuth2 redirect_uri Bypass via URL userinfo Leading to Auth Code Leak
github.com · 2026-06-13

# [Security] OAuth2 redirect_uri Validation Can Be Bypassed via URL userinfo #354 ## Vulnerability Overview The OAuth2 authorization endpoint validates the `redirect_uri` using a simple string prefix …

CVSS 4.3
HS-Web Framework OAuth2 Module redirect_uri Validation Bypass Vulnerability Fix
github.com · 2026-06-13

### Vulnerability Overview This vulnerability involves the `oauth2` module within the `hs-web` framework, specifically a bypass of the `redirect_uri` validation. Attackers can bypass t…

Hugging Face transformers LightGlue trust_remote_code RCE vulnerability fix
github.com · 2026-06-13

### Vulnerability Overview This vulnerability involves a Remote Code Execution (RCE) issue in the `transformers` library from Hugging Face, triggered by the `trust_remote_code` parameter. This flaw al…

CVSS 7.3
SQL Injection in Class and Exam Timetabling System V1.0 /index2.php with POC
github.com · 2026-06-13

# Vulnerability Overview - **Vulnerability Name**: sourcecodester Class and Exam Timetabling System Project V1.0 /index2.php SQL Injection - **Vulnerability Type**: SQL Injection - **Vulnerability Caus…

CVSS 7.3
Pre-Auth SQL Injection in Class and Exam Timetabling System V1.0 with POC
github.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: sourcecodester Class and Exam Timetabling System Project V1.0 /index1.php SQL Injection #3 - **Vulnerability Type**: SQL Injection - **Affected Pro…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.