
Security Intel Hub 354 — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 5.4
FreeScout 1.8.211 Patch: Host Header Injection & checkIpByMax Vulnerabilities
github.com · 2026-04-02

### Vulnerability Overview This release (version 1.8.211) addresses the following security vulnerabilities and issues: * **Function Security Flaw**: Fixed a security vulnerability in the `helper::chec…

CVSS 9.1
OAuth2 Proxy Multiple Critical Vulnerabilities: Auth Bypass via Health Check, X-Forwarded-Uri, and Email Validation (CVE
github.com · 2026-04-18

### Vulnerability Overview Multiple critical security vulnerabilities have been discovered in OAuth2 Proxy, including: 1. **Health Check User-Agent Authentication Bypass** 2. **Authentication Bypass v…

CVSS 5.9
Issues in tough library and tuftool CLI utility
aws.amazon.com · 2026-04-25

# AWS Security Advisory: Security Issues in tough Library and tuftool CLI Tool **Advisory ID**: 2026-019-AWS **Release Time**: April 24, 2026 12:45 PM PDT **Severity**: Important (requires attention) …

Lightdash Stored XSS Vulnerability (CVE-2024-6585) Advisory
www.cve.org · 2024-09-01

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID**: CVE-2024-6585 2. **Release Date**: 2024-08-30 3. **Update Date**: 2024-08-…

CVSS 5.3
Hono v4.11.7 Security Release: IP Bypass, Cache Leakage, and XSS Fixes
github.com · 2026-01-28

## Critical Vulnerability Information ### Security Release v4.11.7 includes security fixes for multiple vulnerabilities in Hono and related middleware. ### Vulnerability Details #### 1. IP Access Rest…

Kirby CMS Vulnerability Advisory: SSTI, Privilege Escalation, XML Injection (CVE-2026-34587)
github.com · 2026-04-24

### Vulnerability Overview 1. **Server-Side Template Injection (SSTI) via Double Template Parsing in Option Rendering** - **Description**: This vulnerability affects Kirby sites that use option fields…

Release 3.5.3 / 2026-04-27 · prometheus/prometheus · GitHub
github.com · 2026-05-05

# Prometheus v3.5.3 Security Vulnerability Summary ## Vulnerability Overview This version fixes several critical security vulnerabilities, primarily involving the leakage of AzureAD OAuth configuratio…

Ruby Net::IMAP v0.6.4 Security Advisory: STARTTLS Stripping, Injection, and DoS Vulnerabilities
github.com · 2026-05-10

### Vulnerability Overview This version (v0.6.4) contains multiple security fixes, primarily addressing the following vulnerabilities: 1. **STARTTLS Stripping Vulnerability** (GHSA-vcgp-9326-pcqp) - D…

CVSS 7.5
libarchive CVE-2026-5121 Integer Overflow RCE Vulnerability Advisory
github.com · 2026-04-18

# CVE-2026-5121 Vulnerability Summary ## Overview A vulnerability has been discovered in `libarchive`. On 32-bit systems, there is an integer overflow flaw in the allocation logic of `zsufs` block poi…

CVSS 6.5
Keycloak keycloak-services Inefficient Regex DoS Vulnerability (CVE-2024-10270)
github.com · 2026-05-07

# Vulnerability Summary: Inefficient Regular Expression Complexity in org.keycloak:keycloak-services ## Vulnerability Overview A vulnerability was discovered in the `keycloak-services` package. Passin…

Release 1.35.5 · dani-garcia/vaultwarden · GitHub
github.com · 2026-05-06

### Vulnerability Overview Vaultwarden version 1.35.5 includes the following security fixes: 1. **GHSA-937x-3j8m-7w7p**: Unconfirmed owners can clear the entire organization Vault. 2. **GHSA-569v-845w…

CVSS 6.2
icAnsToUrt08 Heap Buffer Overflow Vulnerability (CVSS 9.8) and Patch Details
github.com · 2026-04-02

### Vulnerability Summary **Vulnerability Name:** HBO in icAnsToUrt08 (Heap Buffer Overflow) **Summary:** * **Type:** Heap Buffer Overflow (HBO) and Remote Code Execution (RCE). * **Description:** Thi…

Lightdash SSRF Vulnerability (CVE-2024-6586) Leads to Session Takeover
www.cve.org · 2024-09-01

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID**: CVE-2024-6586 2. **Release Date**: 2024-08-30 3. **Update Date**: 2024-08-…

Youki Container Escape via procfs Write Redirect and AppArmor Bypass (CVE-2025-62596)
github.com · 2025-11-06

### Key Information #### Vulnerability Title - **Container escape and denial of service due to arbitrary write gadgets and procfs write redirects** #### Vulnerability ID - **GHSA-vf95-55w6-qmrF** - **…

CVSS 6.5
GitLab 2FA Brute Force (CVE-2020-3367) and Privilege Escalation Vulnerabilities
github.com · 2026-04-21

### Vulnerability Overview 1. **CVE-2020-3367 - 2FA OTP Verification Missing Rate Limiting** - **Description**: The 2FA OTP verification (`confirm_otp` operation) lacks rate limiting, locking mechanis…

Release 0.8.13 · xmldom/xmldom · GitHub
github.com · 2026-05-07

### Vulnerability Overview - **Vulnerability Type**: XML Injection Vulnerability - **Affected Components**: `XMLSerializer.serializeToString()` and `Node.toString()` methods - **Trigger Condition**: W…

CVSS 7.5
yt-dlp CVE-2025-54072 --exec Command Injection Bypass
github.com · 2025-07-26

### Key Information #### Vulnerability Overview - **Vulnerability Name**: `--exec` command injection when using placeholder on Windows (Bypass of CVE-2024-22423) - **Publisher**: bashonly - **Publicat…

CVSS 8.0
AWS Wrappers for Aurora PostgreSQL Privilege Escalation (CVE-2025-12967)
aws.amazon.com · 2025-11-12

- **Bulletin ID**: AWS-2025-028 - **Scope**: AWS - **Content Type**: Important (requires attention) - **Publication Date**: 2025/11/10 10:15 AM PDT - **Description** - Vulnerability identified: CVE-20…

Git LFS Arbitrary File Write via Crafted Links (CVE-2025-26625)
github.com · 2025-10-18

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Git LFS may write to arbitrary files via crafted links - **CVE ID**: CVE-2025-26625 - **GHSA ID**: GHSA-6pvw-q552-53c5 #### Af…

Traefik v3.7.0-rc.2 Multiple CVE Vulnerability Fixes
github.com · 2026-05-01

# Traefik v3.7.0-rc.2 Vulnerability Remediation Summary ## Vulnerability Overview This version fixes multiple security vulnerabilities (CVEs), primarily affecting various components and middleware of …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
