Security Intel Hub 24809+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 5.3
PicoTronica ECHS v5.7 Unauthenticated Patient Records API Exposes PII
docs.google.com · 2026-05-10

# ECHS: Unauthenticated patient-records API exposes patient PII (CWE-306 / CWE-200) ## Vulnerability Overview During a security assessment of the e-Clinic Healthcare System (ECHS) v5.7, a critical iss…

CVSS 7.3
e-Clinic Healthcare System v5.7 Hardcoded Admin Credentials Disclosure (CWE-798)
docs.google.com · 2026-05-10

# Vulnerability Summary: ECHS: Admin API key hardcoded in client-side JavaScript enables credential disclosure (CWE-798) ## Vulnerability Overview In the assessed e-Clinic Healthcare System (ECHS) v5.…

CVSS 7.5
Red Hat Hardened Images gnutls Security Advisory RHSA-2026:13274
access.redhat.com · 2026-05-10

### Vulnerability Overview - **RHSA-2026:13274 - Security Advisory** - **Synopsis**: Bug fix and enhancement update for Red Hat Hardened Images RPMs. - **Type/Severity**: Security Advisory ### Scope -…

Absinthe GraphQL fix for executable definitions validation logic
github.com · 2026-05-09

# Vulnerability Summary ## Overview This commit is a merge commit primarily involving modifications to the documentation validation logic of the Absinthe GraphQL library. The core change adds a reject…

CVSS 5.3
open5gs UPF SIGSEGV via Crafted GTP-U Traffic Vulnerability Analysis
github.com · 2026-05-09

# Vulnerability Summary ## Overview - **Title**: [Bug]: UPF (open5gs-upfd) SIGSEGV (exit 139) under crafted GTP-U traffic on UDP/2152 #4491 - **Status**: Closed - **Author**: Own3d - **Created**: 2 we…

CVSS 5.3
Open5GS SBI Remote DoS Fix: Null Pointer Dereference on URI Without Path Component
github.com · 2026-05-09

# Vulnerability Summary ## Vulnerability Overview - **Title**: sbi: prevent NF crash on callback URI without path component #4496 - **Description**: In the `ogs_sbi_client_send_via_scp_or_sepp()` func…

CVSS 5.3
Open5GS SBI DoS Fix: Unchecked URI Path Assertion Leads to Crash
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: `sbi: prevent NF crash on callback URI without path component` - **Vulnerability Description**: In the `ogs_sbi_client_send_via_scp_or_sepp()` func…

CVSS 5.3
Open5GS UPF Performance Degradation via GTP-U Abuse (Hot-path DoS)
github.com · 2026-05-09

# [Bug]: Severe User Plane Performance Degradation in UPF (open5gs-upfd) Under Abused GTP-U Traffic ## Vulnerability Overview Open5GS UPF (`open5gs-upfd`) performs expensive synchronous diagnostics an…

Pillow Image Parsing Integer Overflow to Buffer Overflow Vulnerability
github.com · 2026-05-09

# Vulnerability Summary ## Overview - **Vulnerability ID**: #9520 - **Vulnerability Type**: Buffer Overflow - **Description**: In the Pillow library, when processing certain image files, incorrect cal…

Pillow Integer/Buffer Overflow Vulnerability Analysis and Fix
github.com · 2026-05-09

# Vulnerability Summary: Pillow Image Overflow Vulnerability ## Vulnerability Overview - **Vulnerability Type**: Integer Overflow / Buffer Overflow - **Affected Component**: Image decoding and encodin…

CVSS 9.1
go-pkgz/auth Patreon Auth Logic Flaw Fix (Pre-Auth Account Takeover)
github.com · 2026-05-09

### Vulnerability Overview This vulnerability involves a security issue in the Patreon authentication logic within the `go-pkgz/auth` library. Specifically, the Patreon authentication process incorrec…

CVSS 9.1
Auth Library Patreon Identity Mapping Flaw Causes Account Merge
github.com · 2026-05-09

# Vulnerability Summary: Patreon Identity Provider Leads to Cross-User Identity Spoofing ## Vulnerability Overview A critical identity mapping logic error exists in the Patreon OAuth provider implemen…

Analysis of Circular Reference Vulnerability in Pillow/Scikit-image (CVSS 8.4)
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability Title**: Raise an error if the trailer chain loops back on itself #9519 - **Vulnerability Description**: The reference chain in the test file contains circ…

Pillow PDF Parser Trailer Loop DoS Vulnerability Fix
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: Error triggered when the trailer chain loops back to itself (#9519) - **Vulnerability Description**: During PDF file parsing, if the trailer chain …

HCL BigFix WebUI Vulnerabilities: jws, lodash, path-to-regexp, minimist, node-saml CVEs and Fixes
support.hcl-software.com · 2026-05-09

# HCL BigFix WebUI Multiple Security Vulnerabilities ## Vulnerability Overview HCL BigFix WebUI is affected by multiple vulnerabilities in open-source components, including `jws`, `lodash`, `path-to-r…

CVSS 7.5
LiquidJS DoS via Circular Block Reference in Layout
github.com · 2026-05-09

# Vulnerability Summary: Denial of Service via circular block reference in layout ## Vulnerability Overview - **Vulnerability Name**: Denial of Service via circular block reference in layout - **Vulne…

CVSS 7.5
Nunjucks Fix: Nested Block Logic Handling in context and tags
github.com · 2026-05-09

### Vulnerability Overview This vulnerability involves an issue with nesting blocks within layouts (#883). Specifically, processing nested blocks can lead to unexpected behavior or errors. ### Affecte…

Argo Workflows Webhook DoS Vulnerability Fix and POC
github.com · 2026-05-09

### Vulnerability Overview This vulnerability involves mitigating denial-of-service (DoS) attacks by restricting the request body size. Specifically, the issue exists within the `argo-workflows` proje…

CVE-2026-42294: Argo Workflows Webhook Interceptor Unauthenticated Memory Exhaustion DoS
github.com · 2026-05-09

# Vulnerability Summary: Unauthorized Memory Exhaustion (DoS) in Webhook Interceptor ## Vulnerability Overview * **Vulnerability Name**: Unauthorized Memory Exhaustion (DoS) in Webhook Interceptor * *…

Kirby CMS Missing Authorization Vulnerability (CVE-2025-42068) Fix Guide
github.com · 2026-05-09

# Vulnerability Overview - **Vulnerability Name**: Read access to site, user, and role information is not gated by permissions - **Vulnerability ID**: GHSA-2h7v-4372-f6x2 - **Severity**: High (7.1 / 1…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
