Security Intel Hub 24809+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 4.3
JeecBoot v3.9.1 Stored XSS via SVG File Upload Analysis
github.com · 2026-05-10

# V-006: SVG Stored XSS via File Upload (JeecBoot v3.9.1) ## Vulnerability Overview * **Vulnerability Type**: Stored Cross-Site Scripting (Stored XSS) * **Vulnerability ID**: CVE-79 * **Affected Produ…

CVSS 7.5
Go os.Root Path Traversal Mitigation: Merge #2187 Analysis
github.com · 2026-05-10

### Vulnerability Overview - **Vulnerability Title**: fs: Scope all DirFS operations through os.Root #2187 - **Vulnerability Description**: This vulnerability involves restricting all filesystem opera…

Signal K WebSocket Login Rate Limit Bypass (CVE-2024-41893)
github.com · 2026-05-10

# WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force) ## Vulnerability Overview Signal K server’s WebSocket login endpoints (`POST /login` and `POST /signalr/v1/auth/login`) are prot…

Quarkus OpenAPI Generator Auth Header Leakage via Path Parameter Matching
github.com · 2026-05-10

# Vulnerability Summary: quarkus-openapi-generator Path Parameter Matching Too Broad Leads to Authentication Header Leakage ## Vulnerability Overview In client code generated by `quarkus-openapi-gener…

CVSS 9.4
phpvms/phpvms removes importer module and routes to mitigate security risks
github.com · 2026-05-10

### Vulnerability Overview The provided webpage screenshot displays the commit history of a GitHub repository involving code modifications to the `phpvms/phpvms` project. The commit removes several vi…

quarkus-openapi-generator 2.17.0 Security Update: Dependency Upgrades and Permissions
github.com · 2026-05-10

### Vulnerability Overview - **Vulnerability Name**: Not explicitly specified, but involves multiple security-related updates. - **Vulnerability Description**: This version (2.17.0) contains multiple …

CVSS 8.3
CVE-2025-4252: plainpad Privilege Escalation via Broken Access Control
github.com · 2026-05-10

# Vulnerability Summary: Privilege Escalation via Writable Admin Field in Profile Update (Access Control) ## Vulnerability Overview - **Vulnerability Type**: Privilege Escalation - **Vulnerable Compon…

CVSS 8.3
Analysis of Privilege Escalation to Admin via Insecure Direct Object Reference in Laravel Users Controller
github.com · 2026-05-10

### Vulnerability Overview This vulnerability allows any authenticated user to escalate their privileges to administrator level by modifying request parameters. Specifically, an attacker can bypass pe…

Pelican Web UI Privilege Escalation via OIDC (CVE-2024-42571) Advisory and Mitigation
github.com · 2026-05-10

# Privilege Escalation Attack Affecting Pelican Web UI ## Vulnerability Overview * **Vulnerability Type**: Privilege Escalation * **CVSS Score**: 9.0 / 10 (Critical) * **CVE ID**: CVE-2024-42571 * **D…

CVSS 6.5
Fix for pkg/apk DiscoverKeys Non-RSA JWK Panic Vulnerability
github.com · 2026-05-10

### Vulnerability Overview This vulnerability involves an error handling issue in the `DiscoverKeys` function when processing non-RSA JSON Web Key Sets (JWKs). Specifically, when a non-RSA key is rece…

CVSS 7.5
APK Package Management Control Hash Verification Bypass Vulnerability Summary and POC
github.com · 2026-05-10

# Summary of APK Package Control Hash Verification Vulnerability ## Vulnerability Overview In `apk` package management, there is a security vulnerability where the system verifies the signature of `AP…

CVSS 4.3
osTicket dispatcher CSRF bypass via GET _method override
github.com · 2026-05-10

# osTicket CSRF bypass via GET-based _method override in dispatcher ## Vulnerability Overview The `dispatcher.php` script in osTicket contains a logic flaw that allows attackers to bypass CSRF validat…

CVSS 6.3
Pre-Auth RCE in Wavlink NUS16U1 via wifi_region skipList1/2 Parameter
github.com · 2026-05-10

# Wavlink Router Command Injection Vulnerability Summary ## Vulnerability Overview A command injection vulnerability has been discovered in the firmware of the Wavlink USB Network Print Server. An att…

CVSS 6.3
Pre-Auth Command Injection in Wavlink NUS16U1 Firmware with Exploit PoC
github.com · 2026-05-10

# Wavlink Vulnerability Summary ## Vulnerability Overview A command injection vulnerability has been discovered in the firmware of the Wavlink USB network print server. An attacker can construct malic…

CVSS 6.3
Wavlink NUS16U1 Router Remote Command Execution Vulnerability with PoC
github.com · 2026-05-10

# Summary of Remote Command Execution Vulnerability in Wavlink Router ## Vulnerability Overview A command injection vulnerability was discovered in the firmware of the Wavlink USB Network Print Server…

CVSS 6.3
Wavlink NUS16U1 Router RCE Vulnerability and Exploit PoC
github.com · 2026-05-10

# Wavlink Router Remote Command Execution Vulnerability Summary ## Vulnerability Overview A remote command execution vulnerability was identified in the firmware of Wavlink USB Network Print Servers. …

CVSS 6.3
Wavlink NU16U1 Command Injection Vulnerability and POC
github.com · 2026-05-10

# Wavlink Vulnerability Summary ## Vulnerability Overview * **Vulnerability Type**: Command Injection * **Affected Product**: Wavlink USB Network Printer Server (Model: NU16U1, Firmware Version: M16U1…

CVSS 8.2
RHSA-2026:14215 Corosync Vulnerability Advisory (CVE-2026-35091, CVE-2026-35092)
access.redhat.com · 2026-05-10

# RHSA-2026:14215 - Security Advisory Summary ## Vulnerability Overview * **Vulnerable Component**: corosync * **Severity**: Moderate * **CVSS Score**: Moderate * **Vulnerability Details**: * **CVE-20…

CVSS 7.4
Red Hat OpenShell oc debug Sensitive Information Disclosure Vulnerability (CVE-2024-21630) Advisory
access.redhat.com · 2026-05-10

### Vulnerability Overview - **Vulnerability Name**: CVE-2024-21630 - **Vulnerability Type**: Information Disclosure - **Severity**: Medium - **CVSS Score**: 5.3 - **Publication Date**: 2024-03-13 - *…

CVSS 8.2
Red Hat Corosync Security Update: CVE-2026-35091 & CVE-2026-35092 (DoS/Info Leak)
access.redhat.com · 2026-05-10

### Vulnerability Overview - **Vulnerability ID**: RHSA-2026:13644 - **Publication Date**: 2026-05-05 - **Update Date**: 2026-05-05 - **Severity**: Moderate - **Description**: - **CVE-2026-35091**: Co…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.