Security Intel Hub 29123+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Jenkins Security Advisory: RCE, Stored XSS, and IDOR Fixes (CVE-2026-53435 et al.)
www.jenkins.io · 2026-06-13

### Jenkins Security Advisory 2026-06-10 #### Vulnerability Overview 1. **Deserialization Vulnerability** - **CVE**: CVE-2026-53435 - **Severity**: High - **Description**: Jenkins uses serialization a…

Jenkins Security Bulletin: Deserialization RCE, Stored XSS, Multiple CVEs and Patches
www.jenkins.io · 2026-06-13

### Jenkins Security Bulletin 2026-06-10 #### Vulnerability Overview 1. **Deserialization Vulnerability** - **CVE**: CVE-2026-53435 - **Severity**: High - **Description**: Jenkins uses serialization a…

Malwarebytes Nebula CVE-2023-43686 DoS Vulnerability Advisory
www.malwarebytes.com · 2026-06-13

# CVE-2023-43686 – Malwarebytes, Nebula – Improper Handling of Exceptional Condition ## Vulnerability Overview A vulnerability was identified in Malwarebytes 4.x and 5.x (as well as Nebula versions fr…

Malwarebytes & Nebula Heap Buffer Overflow Vulnerability (CVE-2023-43688) Advisory
www.malwarebytes.com · 2026-06-13

# CVE-2023-43688 – Malwarebytes, Nebula – Buffer overflow ## Vulnerability Overview An issue was identified in Malwarebytes 4.x and 5.x (as well as Nebula versions from 2020-10-21 onwards). A heap buf…

CVSS 5.3
D-link DCS-5615 Firmware Misconfiguration Leading to Privilege Escalation Analysis
www.notion.so · 2026-06-13

# D-link DCS-5615_REV_1.01.00 Vulnerability Summary ## Vulnerability Overview In D-link DCS-5615 firmware version 1.01.00, there is a misconfiguration vulnerability. The device sets the `user` and `gr…

CVSS 5.3
TOTOLINK EX200 Config Error Leads to Full Device Control
www.notion.so · 2026-06-13

### Vulnerability Overview A configuration error vulnerability exists in TOTOLINK EX200 V4.0.3c.7646_B20201211. This vulnerability allows attackers to gain full control over the device by modifying th…

CVSS 3.7
D-link DGS-1100-08PD Misconfiguration Vulnerability Grants Root Access via Web Interface
www.notion.so · 2026-06-13

# D-Link DGS-1100-08PD v1.00.006 Vulnerability Summary ## Overview A structural configuration vulnerability exists in D-Link DGS-1100-08PD v1.00.006. The device incorrectly sets the `box` and `group` …

CVSS 4.3
D-Link DIR823G vsftpd misconfiguration leading to RCE via anonymous upload root ownership
www.notion.so · 2026-06-13

# D-Link DIR823G Vulnerability Summary ## Vulnerability Overview In the D-Link DIR823G V1.0.2B05_20181207 version, there is a misconfiguration vulnerability related to `vsftpd`. This vulnerability cau…

CVSS 4.3
TOTOLink AC1200T8 vsftpd Misconfiguration Allowing Anonymous FTP to Root RCE
www.notion.so · 2026-06-13

# TOTOLink AC1200T8 V4.1.5Scu.8611 Vulnerability Summary ## Vulnerability Overview TOTOLink AC1200T8 V4.1.5Scu.8611 contains a configuration error vulnerability involving the `vsftpd.conf` file. This …

CVSS 4.3
TOTOLINK CP450 Misconfigured Anonymous FTP Upload Leading to RCE
www.notion.so · 2026-06-13

# Configuration Error Vulnerability in TOTOLINK CP450 V4.1.0cu.747 ## Vulnerability Overview TOTOLINK CP450 V4.1.0cu.747 contains a configuration error vulnerability that allows anonymous FTP users to…

Premium intel
CVSS 8.8
LiteLLM Vulnerability Analysis: Privilege Escalation, Broken Access Control, and RCE (CVE-2026-47101/47102/40217)
www.obsidiansecurity.com · 2026-06-13

### Vulnerability Overview Obsidian Security identified three chained vulnerabilities in LiteLLM (CVE-2026-47101, CVE-2026-47102, CVE-2026-40217), which allow default low-privilege users to obtain adm…

CVSS 5.9
OpenStack Ironic Path Traversal via ISO Processing (CVE-2026-48681) Advisory
www.openwall.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: CVE-2026-48681 - **Description**: A vulnerability was identified in the ISO handling code of Ironic, where a maliciously crafted ISO image could tr…

CVSS 4.9
OpenStack Ironic File Read Vulnerability via PXE Template (CVE-2026-44917)
www.openwall.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: OSA-2026-019: File Extraction from Ironic conductor via pxe template (CVE-2026-44917) - **Description**: A vulnerability was discovered in the Iron…

CVSS 9.9
OpenStack Mistral Policy Execution Bypass (CVE-2026-41283)
www.openwall.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: OpenStack Mistral Policy Execution Bypass - **CVE ID**: CVE-2026-41283 - **Publication Date**: June 3, 2026 - **Description**: Several Mistral API …

CVSS 2.2
OpenStack Neutron RBAC Policy Bypass Vulnerability CVE-2026-021 Advisory
www.openwall.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Neutron RBAC Policy Bypass - **CVE ID**: CVE-2026-021 - **Description**: This vulnerability allows project administrators to set trusted device own…

CVSS 7.4
libinput libinput-device-group udev Property Injection Leading to Root RCE
www.openwall.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: `libinput-device-group` unescaped `phys` output allows injection of udev attributes - **Vulnerability Description**: libinput uses a udev helper ca…

QNAP QTS NFS Vulnerability Advisory QSA-25-56 (CVE-2025-66276)
www.qnap.com · 2026-06-13

# QSA-25-56: Vulnerability in Legacy QTS with NFS Service Enabled ## Vulnerability Overview - **Publication Date**: January 17, 2026 - **CVE Number**: CVE-2025-66276 - **Severity**: Medium - **Status*…

CVSS 6.1
CVE-2026-25860 OpenClinic GA Reflected XSS Leading to RCE
www.partywave.site · 2026-06-13

### Vulnerability Overview CVE-2026-25860 is a Reflected Cross-Site Scripting (XSS) vulnerability in the DICOM upload workflow of OpenClinic GA. Attackers can embed malicious JavaScript code within me…

CVSS 9.6
Aqara API Cross-Account Access Vulnerability (CVE-2026-50084) Analysis
www.runzero.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Aqara API Cross-Account Access - **CVE ID**: CVE-2026-50084 - **Description**: The Aqara Cloud Production API allows any valid developer token to a…

Premium intel
CVSS 8.6
Aqara Board IoT Unauthenticated MQTT Command Injection via Debug API (CVE-2026-50085)
www.runzero.com · 2026-06-13

### Vulnerability Overview Aqara Board IoT is affected by an insecure debug API vulnerability (CVE-2026-50085). This vulnerability allows attackers to access the Aqara Board service (op-test.aqara.co)…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
