Security Intel Hub 54+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

High
Stored XSS via Profile File Upload: Malicious Script Execution
github.com · 2026-02-07

## Stored Cross-Site Scripting (XSS) via Profile File Upload ### Summary An attacker can upload a malicious file containing embedded JavaScript that is executed when the file is accessed directly. Thi…

Critical
i-Educar Final Status Import BFLA Vulnerability Analysis
github.com · 2026-02-06
i-Educar Final Status Import tool
High
i-educar CVE-2025-65023 Authenticated SQL Injection
CVE-2025-65023 · github.com · 2025-11-20
i-educar <=2.10.0
High
i-educar intranet SQL Injection Vulnerability (CVE-2025-65024) Analysis
CVE-2025-65024 · github.com · 2025-11-20
i-educar <= 2.10.0
CVSS 6.3
I-Educar Broken Access Control Vulnerability (CVE-2025-11050)
github.com · 2025-09-28

### Key Information #### Vulnerability Type - **Broken Access Control** #### Affected Endpoint - `/periodo-lancamento` #### Authentication Requirement - Authentication required #### Vulnerability Deta…

CVSS 6.3
I-Educar /unificacao-aluno Broken Access Control Vulnerability (CVE-2025-11049)
github.com · 2025-09-28

### Key Information #### Vulnerability Type - Broken Access Control #### Vulnerability Description - A broken access control vulnerability was identified in the `/unificacao-aluno` endpoint. - This vu…

CVSS 6.3
i-Educar /consulta-dispensas Broken Access Control Vulnerability (CVE-2025-11048)
github.com · 2025-09-28

### Key Information #### Vulnerability Type - Broken Access Control #### Vulnerability Description - A broken access control vulnerability exists in the `/consulta-dispensas` endpoint. - This vulnerab…

CVSS 4.3
i-Educar BOLA Vulnerability (CVE-2025-10607): Unauthorized Access to Academic Data
github.com · 2025-09-19

### Key Information #### Vulnerability Type - Broken Object Level Authorization (BOLA) #### Impact - Allows enumeration of class-related data via the `/module/Avaliacao/diarioApi` endpoint. #### Vulne…

CVSS 4.3
i-Educar Reflected XSS Vulnerability (CVE-2025-10605)
github.com · 2025-09-19

### Key Information #### Vulnerability Type - Reflected Cross-Site Scripting (XSS) #### Vulnerability Description - A reflected Cross-Site Scripting (XSS) vulnerability was identified in the `tipoacao…

CVSS 6.3
I-Educar Broken Access Control Vulnerability (CVE-2025-10608)
github.com · 2025-09-19

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Broken Access Control - **Affected Endpoint**: `/enrollment-history/[ID]` - **Application**: I-Educar #### Details - **Vulnera…

CVSS 2.4
Educar Reflected XSS Vulnerability (CVE-2025-10099) with PoC
github.com · 2025-09-10

### Key Information #### Vulnerability Type - **Cross-Site Scripting (XSS)**: Reflected Cross-Site Scripting #### Vulnerable Endpoint - **educar_usuario_cad.php**: Parameters `email`, `data_inicial`, …

CVSS 6.3
I-Educar Broken Access Control Vulnerability (CVE-2023-10070)
github.com · 2025-09-10

### Key Information #### Vulnerability Type - Broken Access Control #### Vulnerability Description - An access control vulnerability was identified in the `/enturmacao-em-lote/[ID]` endpoint. - This v…

CVSS 6.3
I-Educar Broken Access Control in Batch Cancellation Endpoint (CVE-2025-10071)
github.com · 2025-09-10

### Key Information #### Vulnerability Type - Broken Access Control #### Vulnerability Description - A broken access control vulnerability exists in the `/cancelar-enturmacao-em-lote/[ID]` endpoint. -…

CVSS 4.3
I-Educar BOLA Vulnerability (CVE-2025-10073) with PoC
github.com · 2025-09-09

### Key Information Summary #### Vulnerability Type - **Broken Object Level Authorization (BOLA)** #### Affected API - `/module/Api/turma` #### Vulnerability Description - This vulnerability allows un…

CVSS 3.5
i-Educar Stored XSS Vulnerability (CVE-2025-10074) with PoC
github.com · 2025-09-09

### Key Information #### Vulnerability Type - **Cross-Site Scripting (XSS) Stored** #### Affected Endpoint - `/usuarios/tipos/(ID)` #### Parameters - "Tipos de Usuário" - "Descrição" #### Vulnerabilit…

CVSS 6.3
i-Educar Broken Access Control in /exportacao-para-o-seb (CVE-2025-10013)
github.com · 2025-09-07

### Key Information #### Vulnerability Type - Broken Access Control #### Vulnerability Description - A broken access control vulnerability was discovered in the /exportacao-para-o-seb endpoint of the …

CVSS 6.3
I-Educar BFLA Vulnerability (CVE-2025-9760): Low-Privilege User Can Delete Student Registration Records
github.com · 2025-09-02

### Key Information #### Vulnerability Type - Broken Function Level Authorization (BFLA) #### Affected API - matricula API of the I-Educar application #### Vulnerability Description - Allows low-privi…

CVSS 3.5
Multiple Stored XSS Vulnerability Disclosure by Karina Gente
github.com · 2025-09-01

### Key Information #### Vulnerability Type - **Multiple Stored Cross-Site Scripting (XSS)** #### Vulnerable Endpoint - **Vulnerable Endpoint**: `/interno/educar_nivel_ensino_cad.php` #### Parameters …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.