
Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 5.3
GDAL GDSDflschr Out-of-bounds Read Vulnerability Analysis
github.com · 2026-05-10

# GDAL GDSDflschr Out-of-Bounds Read Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: #14399 - **Vulnerability Type**: Out-of-bounds read - **Root Cause**: `size_t` underflow le…

CVSS 2.2
Android 16 VPN Bypass via QUIC Connection Close Payload
cyberinsider.com · 2026-05-10

# Summary of Android VPN Bypass Vulnerability ## Vulnerability Overview - **Vulnerability Name**: Android VPN Bypass Vulnerability (via QUIC Connection Close Payload) - **Disclosure Date**: May 6, 202…

CVSS 2.2
Android 16 VPN Bypass via QuicConnectionClosePayload (Tiny UDP Cannon)
lowlevel.fun · 2026-05-10

### Vulnerability Overview **Title:** The Tiny UDP Cannon: An Android VPN Bypass **Core Principle:** On Android 16, regular applications can bypass "Always-on VPN" and "Always VPN" settings without sp…

CVSS 3.7
JeecBoot /sys/mLogin Bypasses Captcha and Lacks Rate Limiting for Brute Force
github.com · 2026-05-10

# V-009: Mobile Login Endpoint Bypasses Captcha Protection ## Vulnerability Overview JeecBoot provides two login endpoints: 1. `/sys/login`: Standard login, requires a CAPTCHA. 2. `/sys/mLogin`: Mobil…

CVE-2026-42245: Ruby net-imap Quadratic Complexity DoS Vulnerability
github.com · 2026-05-10

# Vulnerability Overview - **Vulnerability Name**: Quadratic complexity when reading response literals - **Vulnerability ID**: CVE-2026-42245 - **CVSS Score**: 2.3 / 10 (Low) - **Vulnerability Type**:…

Ruby net-imap response_reader logic error fix and POC
github.com · 2026-05-10

# Vulnerability Summary ## Overview This vulnerability affects the `response_reader` module within the `ruby/net-imap` library, specifically involving a logic error in the `read_response_buffer` metho…

Ruby net-imap v0.4.24 Security Advisory: Mitigating STARTTLS Stripping, Injection, and DoS
github.com · 2026-05-10

# Summary of Ruby net-imap v0.4.24 Security Update ## Vulnerability Overview This update addresses several critical security vulnerabilities, primarily involving **STARTTLS stripping attacks**, **CRLF…

Ruby Net::IMAP v0.6.4 Security Advisory: STARTTLS Stripping, Injection, and DoS Vulnerabilities
github.com · 2026-05-10

### Vulnerability Overview This version (v0.6.4) contains multiple security fixes, primarily addressing the following vulnerabilities: 1. **STARTTLS Stripping Vulnerability** (GHSA-vcgp-9326-pcqp) - D…

CVSS 8.1
AzuraCast X-Forwarded-Host Injection Leads to Account Takeover and 2FA Bypass
github.com · 2026-05-10

# Vulnerability Summary: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass ## Vulnerability Overview This vulnerability stems from AzuraCast's `Ap…

CVSS 8.8
AzuraCast Path Traversal in currentDirectory Enables RCE via Media Upload
github.com · 2026-05-10

# Vulnerability Summary: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload ## Vulnerability Overview - **Vulnerability Name**: Path Traversal in `currentDir…

CVSS 8.8
Path Traversal Vulnerability in Local Media Upload Function
github.com · 2026-05-10

### Vulnerability Overview - **Vulnerability Type**: Path Traversal - **Description**: A path traversal vulnerability exists during local media file uploads and streaming uploads, potentially allowing…

ruby/net-imap SCRAM Authenticator DoS Vulnerability Fix and POC Analysis
github.com · 2026-05-10

### Vulnerability Overview This vulnerability affects the `ScramAuthenticator` class in the `ruby/imap` library, specifically regarding the iteration count limit during SCRAM (Salted Challenge Respons…

net-imap SCRAM Authentication CPU Exhaustion DoS via High Iterations
github.com · 2026-05-10

# Vulnerability Summary: Denial of Service in `SCRAM-*` Authentication via High Iteration Counts ## Vulnerability Overview When authenticating using `SCRAM-SHA1` or `SCRAM-SHA256`, a malicious server …

ruby/scram iteration bypass DoS vulnerability and patch details
github.com · 2026-05-10

# Vulnerability Summary ## Overview This vulnerability involves an issue with the iteration count limit in Ruby's `scram` library (used for SCRAM authentication protocols). An attacker can bypass secu…

Ruby net-imap DoS Vulnerability in ScramAuthenticator
github.com · 2026-05-10

### Vulnerability Overview This vulnerability involves the `ScramAuthenticator` class within Ruby's `net-imap` library. The issue stems from improper handling of the `min_iterations` and `max_iteratio…

Ruby net-imap STARTTLS Stripping Vulnerability Fix and Analysis
github.com · 2026-05-10

### Vulnerability Overview This vulnerability involves a STARTTLS stripping attack in Ruby's `net-imap` library. An attacker can bypass the STARTTLS protocol, resulting in unencrypted communication an…

CVE-2026-42346: Ruby net-imap STARTTLS Stripping Vulnerability
github.com · 2026-05-10

# STARTTLS stripping via invalid response timing ## Vulnerability Overview - **CVE ID**: CVE-2026-42346 - **Severity**: High (7.6 / 10) - **CVSS Vector**: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N …

Fix for ruby/imap STARTTLS Stripping and Command Injection Vulnerability
github.com · 2026-05-10

### Vulnerability Overview This vulnerability involves a STARTTLS stripping attack within the `ruby/imap` library. An attacker can bypass the STARTTLS handler by exploiting the server's "OK" response …

CVE-2014-3912: Ruby Net::IMAP STARTTLS Stripping Vulnerability Analysis and Fix
github.com · 2026-05-10

# Vulnerability Summary: STARTTLS Stripping Vulnerability ## Vulnerability Overview - **Vulnerability Name**: STARTTLS stripping vulnerability - **CVE Identifier**: CVE-2014-3912 - **Affected Version*…

CVE-2024-2735: ruby/net-imap STARTTLS Stripping Vulnerability Advisory and Fix Analysis
github.com · 2026-05-10

# Vulnerability Summary: STARTTLS Stripping Vulnerability (CVE-2024-2735) ## Overview A **STARTTLS stripping vulnerability** exists in the `ruby/net-imap` library when establishing an encrypted connec…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
