Security Intel Hub 29307+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 7.5
WordPress Apptha Slider Gallery 1.0 Path Traversal Vulnerability (CVE-2017-20248)
www.vulncheck.com · 2026-06-13

# WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download ## Vulnerability Overview - **CVE**: CVE-2017-20248 - **CWE**: CWE-22 Improper Limitation of a Pathname to a Restricted Direct…

CVSS 8.2
Pre-Auth Time-Based Blind SQL Injection in WordPress Google Review Slider <= 6.1 (CVE-2023-25745)
www.vulncheck.com · 2026-06-13

# WordPress Plugin Google Review Slider 6.1 SQL Injection via tid ## Vulnerability Overview WordPress Plugin Google Review Slider version 6.1 contains a time-based blind SQL injection vulnerability, w…

CVSS 7.5
WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download via Path Traversal (CVE-2017-20250)
www.vulncheck.com · 2026-06-13

# WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download ## Vulnerability Overview Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to downlo…

CVSS 6.4
WordPress Stripe Payments Plugin 2.0.39 Stored XSS via currency_code (CVE-2021-47983) with POC
www.vulncheck.com · 2026-06-13

# WordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code ## Vulnerability Overview WordPress Plugin Stripe Payments version 2.0.39 contains a stored Cross-Site Scripting (XSS) vulnerabil…

CVSS 7.2
WordPress Sonaar Music Plugin <= 4.7 Stored XSS (CVE-2023-54351)
www.vulncheck.com · 2026-06-13

# WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments ## Vulnerability Overview The WordPress Sonaar Music Plugin version 4.7 contains a stored cross-site scripting (XSS) vulnerability, allowing…

CVSS 9.8
WordPress Travelscape Arbitrary File Upload and RCE (CVE-2024-58349) with POC
www.vulncheck.com · 2026-06-13

# Arbitrary File Upload Vulnerability in WordPress Theme Travelscape 1.0.3 ## Vulnerability Overview WordPress Theme Travelscape version 1.0.3 contains an arbitrary file upload vulnerability. This all…

CVSS 8.2
Wow Forms WordPress Plugin 2.1 SQL Injection Vulnerability (CVE-2017-20244)
www.vulncheck.com · 2026-06-13

# Wow Forms WordPress Plugin 2.1 SQL Injection ## Vulnerability Overview Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability, allowing unauthenticated attackers to read arbi…

CVSS 5.4
Persistent XSS in WordPress Zoner Real Estate Theme <= 4.1.1 (CVE-2019-25742)
www.vulncheck.com · 2026-06-13

# Persistent XSS Vulnerability in WordPress Theme Zoner Real Estate 4.1.1 ## Vulnerability Overview WordPress theme Zoner Real Estate version 4.1.1 contains a persistent Cross-Site Scripting (XSS) vul…

CVSS 8.2
Wow Viral Signups WordPress Plugin SQL Injection Vulnerability (CVE-2017-20245)
www.vulncheck.com · 2026-06-13

# Wow Viral Signups 2.1 WordPress Plugin SQL Injection ## Vulnerability Overview The Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attacker…

CVSS 5.3
MapPress Maps for WordPress <= 2.96.6 Unauthenticated IDOR via REST API (CVE-2026-8839)
www.wordfence.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: MapPress Maps for WordPress "__return_true"`, while write endpoints (POST update, DELETE, PATCH, mutate, POST clone, POST empty/delete) only check …

CVSS 6.4
WP GDPR Cookie Consent Stored XSS via 'ninja_gdpr_ajax_actions' (CVE-2026-8977)
www.wordfence.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action - **Vulnerabili…

CVSS 8.1
UpdraftPlus Plugin Unauth Auth Bypass to RCE (CVE-2026-10795)
www.wordfence.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 (free) < 2.26.5 (premium) - Unauthenticated Authentication Bypass via UpdraftCentral udrcp - **…

CVE-2026-11443: Allegra downloadAttachment XSS Authentication Bypass Advisory
www.zerodayinitiative.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability - **ZDI ID**: ZDI-26-358 - **CVE ID**: CVE-2026-11443 - **CVSS …

CVSS 7.2
Unauthenticated Stored XSS in Lyron Music Server 9.2.0 (CVE-2026-50231)
www.zeroscience.mk · 2026-06-13

### Vulnerability Overview Lyron Music Server 9.2.0 contains an unauthenticated stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject malicious content into lo…

X-VPN macOS CVE-2026-2638 Local Privilege Escalation Vulnerability Advisory
xvpn.io · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Local Privilege Escalation Vulnerability - **CVE ID**: CVE-20…

ezlog Path Traversal Vulnerability and POC Analysis
xz.aliyun.com · 2026-06-13

### Vulnerability Overview This vulnerability affects an application named "ezlog" and involves a path traversal issue. Attackers can bypass the application's file access controls by crafting specific…

Debian Security Advisory DSA-6344-1: Chromium Multiple CVEs
lists.debian.org · 2026-06-13

### Vulnerability Overview Debian Security Advisory DSA-6344-1 reports several security vulnerabilities discovered in Chromium, which could lead to arbitrary code execution, denial of service, or info…

GreatXML BitLocker Bypass Vulnerability and WinRE Offline Scan Exploitation
github.com · 2026-06-12

### Vulnerability Overview GreatXML BitLocker bypass vulnerability ### Affected Scope - If a Defender offline scan has ever been initiated on the victim machine, the vulnerability can be exploited aut…

ITscape (CVE-2026-46316) KVM arm64 Guest-to-Host RCE Vulnerability and Exploit Analysis
www.nofire.ai · 2026-06-12

# When the Vulnerability Actually Exists but the Path Isn't: ITscape (CVE-2026-46316) and the Minimal Runtime Case ## Vulnerability Overview ITscape is the first publicly recorded guest-to-host escape…

tokio-postgres DoS via malformed DataRow (RUSTSEC-2026-0178)
rustsec.org · 2026-06-12

# RUSTSEC-2026-0178 ## Vulnerability Overview - **Title**: Panic on a DataRow with fewer fields than columns allows denial of service - **Reported Date**: June 12, 2026 - **Published Date**: June 12, …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
