Security Intel Hub 29208+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 7.4
libinput libinput-device-group udev Property Injection Leading to Root RCE
www.openwall.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: `libinput-device-group` unescaped `phys` output allows injection of udev attributes - **Vulnerability Description**: libinput uses a udev helper ca…

QNAP QTS NFS Vulnerability Advisory QSA-25-56 (CVE-2025-66276)
www.qnap.com · 2026-06-13

# QSA-25-56: Vulnerability in Legacy QTS with NFS Service Enabled ## Vulnerability Overview - **Publication Date**: January 17, 2026 - **CVE Number**: CVE-2025-66276 - **Severity**: Medium - **Status*…

CVSS 6.1
CVE-2026-25860 OpenClinic GA Reflected XSS Leading to RCE
www.partywave.site · 2026-06-13

### Vulnerability Overview CVE-2026-25860 is a Reflected Cross-Site Scripting (XSS) vulnerability in the DICOM upload workflow of OpenClinic GA. Attackers can embed malicious JavaScript code within me…

CVSS 9.6
Aqara API Cross-Account Access Vulnerability (CVE-2026-50084) Analysis
www.runzero.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Aqara API Cross-Account Access - **CVE ID**: CVE-2026-50084 - **Description**: The Aqara Cloud Production API allows any valid developer token to a…

CVSS 8.6
Aqara Board IoT Unauthenticated MQTT Command Injection via Debug API (CVE-2026-50085)
www.runzero.com · 2026-06-13

### Vulnerability Overview Aqara Board IoT is affected by an insecure debug API vulnerability (CVE-2026-50085). This vulnerability allows attackers to access the Aqara Board service (op-test.aqara.co)…

CVSS 9.1
Aqara Home Android SDK Hardcoded Cryptographic Keys (CVE-2026-50091) Advisory
www.runzero.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Aqara Home Android SDK hardcoded keys - **CVE ID**: CVE-2026-50091 - **CVSS Score**: 3.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N) - **Vulnerability Ty…

CVSS 9.1
Aqara IAM/SSO Gateway Hardcoded OAuth Credentials Enable Unauth Takeover (CVE-2026-50083)
www.runzero.com · 2026-06-13

### Vulnerability Overview The Aqara IAM/SSO Gateway (gw.builder.aqara.com) uses hardcoded OAuth client credentials, an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimate…

CVSS 6.5
Aqara Developer Portal Insecure Authentication Token Bypass (CVE-2026-50082)
www.runzero.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Aqara Developer Portal insecure authentication token - **CVE ID**: CVE-2026-50082 - **Vulnerability Type**: CWE-306: Missing Authentication for Cri…

CVSS 8.2
Aqara IAM/SSO Gateway CORS Vulnerability Disclosure (CVE-2026-50087)
www.runzero.com · 2026-06-13

### Vulnerability Overview The Aqara IAM/SSO Gateway (`pe-builder.aqara.com`) contains a Cross-Origin Resource Sharing (CORS) vulnerability, specifically identified as "Permissive Cross-Origin Policy …

CVSS 9.3
Aqara Cloud OAuth Redirect URI Bypass Vulnerability (CVE-2026-50090)
www.runzero.com · 2026-06-13

### Vulnerability Overview The Aqara OAuth redirect_uri validation bypass vulnerability (CVE-2026-50090) exists in the Aqara Cloud OAuth authorization endpoint (`open-cn.aqara.com/oauth/authorize`). T…

CVSS 6.1
Aqara IAM/SSO Gateway Open Redirect Vulnerability (CVE-2026-50089)
www.runzero.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Aqara IAM/SSO Gateway open redirect - **CVE ID**: CVE-2026-50089 - **CVSS Score**: 3.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) - **Vulnerability Type…

CVSS 8.2
Aqara Developer Portal CORS Misconfiguration Leading to Information Disclosure
www.runzero.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Aqara Developer Portal Cross-Origin Resource Sharing - **CVE ID**: CVE-2026-50088 - **CVSS Score**: 8.2 (High) - **Vulnerability Type**: Cross-Orig…

CVSS 7.2
Supermicro BMC Command Injection Vulnerability Advisory (CVE-2026-3820)
www.supermicro.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: CVE-2026-3820 - **Severity**: High - **Vulnerability Type**: Command Injection - **Description**: An attacker may gain administrator privileges and…

CVSS 7.5 · KEV
Java Base64 Decode DoS Vulnerability with POC and Mitigation
www.solarwinds.com · 2026-06-13

# Vulnerability Overview This vulnerability exists in the `com.sun.org.apache.xerces.internal.impl.dv.util.Base64` class, which is used for Base64 encoding and decoding. Attackers can trigger an `Arra…

TP-Link Tapo C110 Firmware Security Update Advisory
www.tp-link.com · 2026-06-13

### Vulnerability Overview The provided webpage screenshot does not explicitly mention specific vulnerability details. However, it lists update records for multiple firmware versions, which include en…

TP-Link Archer AX73 V2 Firmware Update: Access Control Bypass and Security Fixes
www.tp-link.com · 2026-06-13

### Vulnerability Overview Multiple security vulnerabilities exist in the firmware of the TP-Link Archer AX73 V2, including scenarios where the access control whitelist feature fails to function corre…

TP-Link Tapo C110EU V2 Firmware Security Advisories: Privacy, Network, and Control Vulnerabilities
www.tp-link.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Multiple security issues in Tapo C1…

TP-Link Tapo C520WS RTSP Input Handling DoS Vulnerability Advisory (CVE-2026-8714)
www.tp-link.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Denial-of-Service Vulnerability in RTSP Input Handling on Tapo C520WS - **CVE ID**: CVE-2026-8714 - **CVSS Score**: 7.1 / High - **Description**: T…

TP-Link Archer AX73 V2 Firmware Security Advisory
www.tp-link.com · 2026-06-13

### Vulnerability Overview Multiple security vulnerabilities exist in the firmware of the TP-Link Archer AX73 V2, including issues where the access control whitelist feature fails to function correctl…

TP-Link Tapo C520WS ONVIF Stack Overflow & Auth Bypass Vulnerabilities (CVE-2026-6239 to 6242)
www.tp-link.com · 2026-06-13

### Vulnerability Overview The TP-Link Tapo C520WS camera contains several security vulnerabilities, specifically: 1. **CVE-2026-6239**: Stack buffer overflow vulnerability in the ONVIF `CreateUsers` …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.