Security Intel Hub 29208+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

TP-Link Routers Command Injection Vulnerability Advisory (CVE-2026-3151)
www.tp-link.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Security Advisory: Command Injection Vulnerability in OpenVPN on Multiple TP-Link Routers (CVE-2026-3151) - **Vulnerability Description**: This vul…

CVSS 6.5
TWCERT Advisory: Heptabase CVE-2026-12060 Exposed Dangerous Method Vulnerability
www.twcert.org.tw · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Hepta Platforms | Heptabase - Exposed Dangerous Method or Function - **Vulnerability ID**: TVN-202606003 - **CVE ID**: CVE-2026-12060 - **CVSS Scor…

CVSS 8.1
iVEC TANK-XM811 Multiple Vulnerabilities: RCE, Arbitrary File Deletion, CVE-2026-11844-11847
www.twcert.org.tw · 2026-06-13

### Vulnerability Overview - **TVN ID**: TVN-202606004 - **CVE ID**: CVE-2026-11844, CVE-2026-11845, CVE-2026-11846, CVE-2026-11847 - **CVSS Score**: - [CVE-2026-11844] 4.9 (Medium) CVSS:3.1/AV:N/AC:L…

CVSS 5.3
CVE-2026-10597: OMICARD EDM Insecure Direct Object Reference
www.twcert.org.tw · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: OMICARD EDM - Insecure Direct Object Reference - **Vulnerability ID**: TVN-202606001 - **CVE ID**: CVE-2026-10597 - **CVSS Score**: 5.3 (Medium) - …

CVSS 8.1
TWCERT Advisory: IEI iVEC Virtualization Edge Computer 4 Vulnerabilities (CVE-2026-11844/45/46/47)
www.twcert.org.tw · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: IEI威強電工業電腦 | iVEC-IEI Virtualization Edge Computer - 4 Vulnerabilities Present - **Vulnerability ID**: TVN-20260604 - **CVE ID**: CVE-2026-11844, C…

CVSS 9.8
IEI iRM Remote Management Vulnerabilities: Missing Auth & Hardcoded Creds (CVE-2026-11848/11849)
www.twcert.org.tw · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: IEI威強電工業電腦 | iRM-IEI Remote Management - 2 Vulnerabilities Found - **Release Date**: 2026-06-12 - **Vulnerability IDs**: - CVE-2026-11848 - CVE-202…

CVSS 8.2
All in One Video Downloader 1.2 Pre-Auth SQL Injection (CVE-2019-25726)
www.vulncheck.com · 2026-06-13

# All in One Video Downloader 1.2 SQL Injection via admin page-edit ## Vulnerability Overview All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attack…

CVSS 7.5
Capgo <12.128.2 Denial of Service via Unverified Email Registration and Deletion
www.vulncheck.com · 2026-06-13

# Capgo = 0, < 12.128.2 - **CVE**: CVE-2026-53868 - **CWE**: CWE-306 Missing Authentication for Critical Function - **CVSS**: 8.7 - **CVSS V4 Vector**: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/SC:N…

CVSS 5.3
CVE-2026-49949: CodexBar Credential Leakage via HTTP Redirect
www.vulncheck.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Credential Leakage in CodexBar < 0.33.0 via HTTP Redirect - **CVE ID**: CVE-2026-49949 - **CWE ID**: CWE-522 Insufficient Protection of Credentials…

CVSS 4.0
CVE-2021-4479: Dräger Atlan A350 Medibus Interface DoS Vulnerability Advisory
www.vulncheck.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Dräger Atlan A350 1.00 <= 1.01 DoS via Medibus Interface - **CVE ID**: CVE-2021-4479 - **CWE ID**: CWE-1286 Improper Validation of Syntactic Correc…

CVSS 8.8
Ghidra < 12.1 Authentication Bypass via Null Signature in PKIAuthenticationModule (CVE-2026-52754)
www.vulncheck.com · 2026-06-13

# Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule ## Vulnerability Overview Versions of Ghidra prior to 12.1 contain an authentication bypass vulnerability in the `…

CVSS 7.5
image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser (CVE-2025-71329)
www.vulncheck.com · 2026-06-13

# image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser ## Vulnerability Overview image-size 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanen…

CVSS 6.5
Hermes WebUI <0.51.269 Profile Isolation Bypass via Session Search (CVE-2026-49956)
www.vulncheck.com · 2026-06-13

# Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search ## Vulnerability Overview Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability. This allows aut…

CVSS 8.8
Hermes WebUI < 0.51.311 RCE via Git Configuration Injection (CVE-2026-49959)
www.vulncheck.com · 2026-06-13

# Hermes WebUI < 0.51.311 RCE via Git Configuration Injection ## Vulnerability Overview Hermes WebUI versions prior to 0.51.311 contain a remote code execution vulnerability. Attackers can execute arb…

CVSS 5.0
Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard (CVE-2026-49958)
www.vulncheck.com · 2026-06-13

# Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard ## Vulnerability Overview Hermes WebUI versions prior to 0.51.303 contain a time-of-check to time-of-use (TOCTOU) race condition vulnera…

CVSS 9.4
Hermes WebUI <0.51.358 Unauthenticated Password Takeover (CVE-2026-49973)
www.vulncheck.com · 2026-06-13

# Hermes WebUI < 0.51.358 Unauthorized Password Takeover Vulnerability ## Overview An improper access control vulnerability exists in Hermes WebUI prior to version 0.51.358, allowing unauthenticated r…

CVSS 7.7
Hermes WebUI < 0.51.296 Workspace Boundary Bypass Leading to Path Traversal (CVE-2026-49957)
www.vulncheck.com · 2026-06-13

# Hermes WebUI < 0.51.296 Workspace Boundary Bypass via api/workspace.py ## Vulnerability Overview Hermes WebUI versions prior to 0.51.296 contain a workspace boundary bypass vulnerability. This vulne…

CVSS 7.5
kafka-python DoS Vulnerability (CVE-2026-10142): Memory Exhaustion via Unvalidated Frame Length
www.vulncheck.com · 2026-06-13

# kafka-python Denial of Service Vulnerability ## Overview Versions of kafka-python prior to 2.3.2 contain a denial of service vulnerability in the protocol parser. A malicious proxy or man-in-the-mid…

CVSS 7.5
kafka-python SCRAM Iteration Count DoS Vulnerability (Pre-Auth)
www.vulncheck.com · 2026-06-13

# SCRAM Iteration Count Denial of Service Vulnerability in kafka-python versions prior to 2.3.2 ## Vulnerability Overview kafka-python versions prior to 2.3.2 contain a denial of service vulnerability…

CVSS 8.8
LimeSurvey Host Header Injection Discloses Password Reset Token (CVE-2026-50635)
www.vulncheck.com · 2026-06-13

# LimeSurvey Password Reset Host Header Injection Discloses Reset Token ## Vulnerability Overview LimeSurvey uses the client-provided HTTP Host header when constructing account password reset links, w…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
