Security Intel Hub 28806+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 7.3
Student Admission System V1.0 index.php SQL Injection Vulnerability and POC
github.com · 2026-06-03

### Vulnerability Overview - **Vulnerability Name**: code-projects Student Admission System Project V1.0 /index.php SQL Injection #13 - **Vulnerability Type**: SQL Injection - **Affected Product**: St…

Tesla HTTP Redirect Credential Leakage Fix: Authorization/Header Exposure
github.com · 2026-06-03

### Vulnerability Overview This vulnerability involves the potential leakage of certain sensitive header information (such as `Authorization`, `Host`, etc.) to the target server during the HTTP redire…

elixir-tesla/tesla VM Crash via Untrusted URL Scheme Analysis
github.com · 2026-06-03

### Vulnerability Overview This vulnerability affects the `elixir-tesla/tesla` project. When an untrusted URL scheme is used, it allows a remote attacker to cause a Denial of Service (DoS) by exhausti…

CVSS 8.1
GHSA-49r9-9vp-4h2h: Potential RCE via prototype pollution chain in react-router (CVE-2026-42211)
github.com · 2026-06-03

### Vulnerability Overview - **Vulnerability Name**: Potential RCE via 2-step attack chained onto existing prototype pollution vulnerability - **Vulnerability ID**: GHSA-49r9-9vp-4h2h - **CVE ID**: CV…

CVSS 7.5
CVE-2024-43242: DoS via unbounded path expansion in React Router __manifest endpoint
github.com · 2026-06-03

### Vulnerability Overview - **Vulnerability Name**: DoS via unbounded path expansion in __manifest endpoint - **Description**: A potential DoS attack vector exists in React Router Framework Mode appl…

Tesla.Multipart HTTP Header/Parameter Injection Vulnerability Patch and POC
github.com · 2026-06-03

### Vulnerability Overview This vulnerability affects the `Tesla.Multipart` module, allowing arbitrary headers or extra parameters to be injected into outbound HTTP requests via `Tesla.Multipart`, the…

aiohttp Cross-Domain Redirect Sensitive Info Leakage Fix
github.com · 2026-06-03

### Vulnerability Overview This vulnerability involves the improper clearing of `cookies` during cross-origin redirection. Specifically, during the redirection process, `cookies` are not correctly rem…

CVE-2025-25598: Tesla multipart smuggling via unescaped content-disposition
github.com · 2026-06-03

# Vulnerability Overview **Title**: Multipart part smuggling via unescaped `content-disposition` values **Description**: `Tesla::Multipart::part_headers_for_disposition/1` interpolates `Content-Dispos…

Memos v0.26.0 Stored HTML Injection Leading to UI Redressing
gist.github.com · 2026-06-03

### Vulnerability Overview **Stored HTML Injection leads to UI Redressing in Memos** - **Affected Versions**: ≤ 0.26.0 - **CVSS 3.1**: AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:N #### Summary The sanitization…

Tesla Middleware Elixir Zip Bomb DoS Mitigation and max_body_size Fix
github.com · 2026-06-03

### Vulnerability Overview This vulnerability affects the `Tesla.Middleware.Compression` module. An attacker can control the gzip-compressed data returned by a server, causing BEAM heap memory to expa…

Tesla multipart Request Header Injection vulnerability and fix
github.com · 2026-06-03

### Vulnerability Overview This vulnerability involves untrusted `disposition` values (such as filename, name, or arbitrary options) in `multipart` requests potentially closing `Content-Disposition` h…

Tesla Decompression Bomb Vulnerability (CWE-409)
github.com · 2026-06-03

# Vulnerability Overview - **Vulnerability Name**: Decompression bomb on response body - **Vulnerability Description**: Any Tesla client pipeline containing `Tesla.Middleware.DecompressResponse` or `T…

CVE-2026-48594: Decompression Bomb in Tesla.Middleware (elixir-tesla)
cna.erlef.org · 2026-06-03

### Vulnerability Overview - **CVE ID**: CVE-2026-48594 - **Vulnerability Name**: Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression - **CVSS 4.0 Score**: 8.2 (…

Tesla.Multipart CRLF Injection Vulnerability (CVE-2026-48598) Advisory
cna.erlef.org · 2026-06-03

### Vulnerability Overview - **CVE ID**: CVE-2026-48598 - **Vulnerability Type**: CRLF Injection - **Description**: An issue was identified in the handling of parameters within `Tesla.Multipart` due t…

Tesla FollowRedirects Middleware Authorization Header Leak via Case-Sensitive Filter
github.com · 2026-06-03

### Vulnerability Overview **Title**: Authorization header leaks on cross-origin redirect via case-sensitive filtering **Description**: - **Issue**: `Tesla.Middleware.FollowRedirects` aims to strip th…

Tesla Elixir CRLF Injection in Content-Type Header via add_content_type_param
github.com · 2026-06-03

# CRLF injection in request `Content-Type` header via `add_content_type_param` ## Vulnerability Overview - **Description**: The `Tesla.Multipart.add_content_type_param/2` function appends caller-suppl…

DoS via Decompression Bomb in Elixir Tesla Middleware (CVE-2026-48594)
osv.dev · 2026-06-03

### Vulnerability Overview - **Vulnerability ID**: EEF-CVE-2026-48594 - **Vulnerability Type**: Decompression bomb - **Vulnerability Description**: In `elixir-tesla`, a vulnerability exists in the `Te…

Tesla.Multipart CRLF Injection Vulnerability (CVE-2026-48596) Advisory
cna.erlef.org · 2026-06-03

### Vulnerability Overview - **CVE ID**: CVE-2026-48596 - **Vulnerability Type**: CRLF Injection (HTTP Request/Response Splitting) - **Description**: The `Tesla.Multipart.add_content_type_param/2` fun…

Crow C++ HTTP Response Header Injection (CRLF) Fix Details
github.com · 2026-06-03

### Vulnerability Overview **Title**: [Security] Prevent HTTP Response Header Injection by sanitizing CR/LF characters #1167 **Description**: This vulnerability involves HTTP response header injection…

CVSS 8.5
Security Enhancement: REST Hook URL HTTPS Enforcement and Configuration Fix
github.com · 2026-06-03

### Vulnerability Overview This vulnerability involves enforcing HTTPS for REST hook subscription URLs by default. The system disallows insecure HTTP URLs unless explicitly configured to allow them. #…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
