Security Intel Hub 24696+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Sync-in/server /api/auth/login Username Enumeration via Timing Attack
github.com · 2026-05-08

# Username Enumeration via Timing Attack ## Vulnerability Overview A logical flaw in the `/api/auth/login` endpoint of Sync-in/server allows unauthenticated remote attackers to enumerate valid usernam…

Angular platform-server parseUrl SSRF Bypass Vulnerability Analysis
github.com · 2026-05-08

# Vulnerability Summary ## Overview In the `platform-server` module, the `parseUrl` function is used to parse incoming request URLs. According to the WHATWG URL specification, protocol-relative URLs (…

SSRF Vulnerability in Angular Platform-Server via Protocol-Relative URLs
github.com · 2026-05-08

# SSRF via protocol-relative and backslash URLs in Angular Platform-Server ## Vulnerability Overview A **Server-Side Request Forgery (SSRF)** vulnerability exists in `@angular/platform-server`. This v…

Angular SSR URL Parsing Bypass Fix
github.com · 2026-05-08

### Vulnerability Overview This vulnerability involves the SSR (Server-Side Rendering) functionality within the Angular platform server (`platform-server`). Attackers can bypass the URL parsing logic …

CVSS 8.0
Apache CloudStack LTS Security Bulletin: Multiple Vulnerabilities Fixed (CVE-2025-66170, CVE-2025-66467, CVE-2026-25077)
lists.apache.org · 2026-05-08

# Apache CloudStack LTS Security Vulnerability Summary ## Vulnerability Overview Apache CloudStack has released LTS versions 4.20.3.0 and 4.22.0.1, addressing multiple security vulnerabilities. Key vu…

CashDro 3 Web Admin Panel Brute-Force and Authorization Bypass (CVE-2026-8076/8077)
www.incibe.es · 2026-05-08

# [Update 08/05/2026] CashDro 3 Multiple Vulnerabilities ## Vulnerability Overview INCIBE-CERT disclosed two vulnerabilities in the CashDro 3 smart cash management drawer web management panel: * **CVE…

Mozilla Thunderbird Security Advisory: Fixes Memory Safety Vulnerabilities (CVE-2026-8090/8094/8092)
www.mozilla.org · 2026-05-08

# Mozilla Thunderbird Security Vulnerability Summary ## Vulnerability Overview The Mozilla Foundation released security advisory 2026-44, which fixes several security vulnerabilities in Thunderbird 14…

Mozilla Thunderbird Memory Safety Vulnerabilities Fix (CVE-2026-8090/8092/8093)
www.mozilla.org · 2026-05-08

# Mozilla Foundation Security Advisory 2026-43 **Publication Date**: May 8, 2026 **Severity**: High **Affected Products**: Thunderbird 150.0.2 ## Overview This security update fixes several security v…

CVSS 3.0
OpenStack Ironic Jinja2 Template Injection Vulnerability (CVE-2026-45-05) Analysis
bugs.launchpad.net · 2026-05-08

# Vulnerability Summary: Unsandboxed Rendering of `instance_info['ks_template']` in Ironic ## Overview Ironic does not use a sandbox environment when rendering Kickstart templates (`ks_template`), lea…

CVSS 2.9
uriparser ptrdiff_t truncation to int causing integer overflow fix
github.com · 2026-05-08

# [CVE-REQUESTED] Stop truncating ptrdiff_t to int #304 ## Vulnerability Overview This Pull Request aims to fix multiple instances in the `uriparser` library where `ptrdiff_t` values are truncated to …

GL.iNet Router CVE-2023-46453 Authentication Bypass Vulnerability and POC Analysis
www.exploit-db.com · 2026-05-08

# Summary of GLiNet Router Authentication Bypass Vulnerability ## Vulnerability Overview This vulnerability originates from the lack of proper authentication checks in the `/usr/sbin/gl.ngx` session f…

SureTriggers <1.1.23 Unauthenticated SQL Injection (CVE-2026-4935)
wpscan.com · 2026-05-08

# SureTriggers = (sleep_seconds * 0.8): print(f"[+] VULNERABLE - response took (injected_time: 2f}s) expected ~{sleep_seconds}s for SLEEP().") return True else: print(f"[!] NOT CONFIRMED - response ti…

CentOS Web Panel (CWP) Hardening Guide: PHP Functions & File Permissions
wiki.centos-webpanel.com · 2026-05-08

# Vulnerability Overview This page primarily introduces security hardening guidelines for the CentOS Web Panel (CWP), focusing on security risks related to **PHP function disabling** and **file permis…

IC-Bitrix Translate Module RCE Vulnerability (CVE-2025-08) Analysis
karmainsecurity.com · 2026-05-08

# Vulnerability Summary: Remote Code Execution Vulnerability in IC-Bitrix Translation Module ## Vulnerability Overview * **Vulnerability Name**: Remote Code Execution (RCE) in IC-Bitrix Translation Mo…

Netgate pfSense CE Authenticated RCE via Unsafe Deserialization and XMLRPC (CVE-2025-69690/69691) with PoC
seclists.org · 2026-05-08

# Vulnerability Summary: Netgate pfSense CE Remote Code Execution Vulnerabilities ## Overview The advisory discloses two independent authenticated remote code execution (RCE) vulnerabilities within Ne…

Rayventory Scan Engine Uncontrolled Search Path Element RCE (CVE-2025-69599)
github.com · 2026-05-08

# CVE-2025-69599 Vulnerability Summary ## Vulnerability Overview **CVE-2025-69599** is an **Uncontrolled Search Path Element** vulnerability. When the Rayventory scan engine loads shared objects and i…

Bitrix24 Translate Module RCE Vulnerability (CVE-2025-07) with POC
karmainsecurity.com · 2026-05-08

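# Bitrix24 Remote Code Execution Vulnerability (CVE-2025-07) ## Vulnerability Overview Bitrix24 25.100.300 (Translate Module) contains a remote code execution vulnerability. An attacker can exploit the file upload and extraction functionality in the translation module to upload malicious files and execute arbitrary code. ## Affected Scope - Software: Bitrix24 - Version: 25.100.300 - Module: Translate Module ## Remediation …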

PrusaSlicer Pre-2.4 G-code Write Mechanism Change and Post-Processing Script Compatibility
help.prusa3d.com · 2026-05-08

# Vulnerability Overview PrusaSlicer versions prior to 2.4 contain a design flaw that causes it to write G-code directly to the user-specified target media (e.g., SD cards) instead of first writing it…

LINQPad BinaryFormatter Deserialization Vulnerability Analysis
trustedsec.com · 2026-05-08

# Vulnerability Summary: LINQPad Deserialization Vulnerability ## Vulnerability Overview A deserialization vulnerability has been discovered in LINQPad, a popular .NET development tool. The vulnerabil…

PrusaSlicer Arbitrary Code Execution via 3MF Metadata (CVE-2023-47868)
raw.githubusercontent.com · 2026-05-08

# PrusaSlicer 2.6.1 Arbitrary Code Execution Vulnerability ## Vulnerability Overview The PrusaSlicer `.3mf` project (zip archive) contains a file named `Metadata/Slicr_PE.config`, which describes vari…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.