
Security Intel Hub 24703+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2024-42273: Heimdall Host Header Case Sensitivity Bypass
github.com · 2026-05-08

Vulnerability Summary: Case-Sensitive Host Matching in Heimdall May Lead to Policy Bypass. Vulnerability Overview: Heimdall performs host matching in a **case-sensitive** manner, whereas HTTP hostn…
Axios v1.15.2 Prototype Pollution Fix and SSRF Mitigation
github.com · 2026-05-08 · CVSS 7.4

Axios v1.15.2 Security Update Summary. Vulnerability Overview: This update primarily fixes a Prototype Pollution vulnerability in the Node.js HTTP adapter and introduces new security hardening meas…
Heimdall CVE-2024-42272: Case-Sensitive URL Encoding Slash Handling Leads to Authorization Bypass
github.com · 2026-05-08

Vulnerability Overview. **Vulnerability Name**: Case-sensitive URL-encoded slash handling may lead to inconsistent path interpretation. **Description**: Heimdall handles URL-encoded slashes (`%2…
Heimdall Authorization Bypass via Path Normalization Mismatch (CVSS 7.8)
github.com · 2026-05-08

Vulnerability Summary: Authorization bypass via path normalization mismatch. Vulnerability Overview: Heimdall performs rule matching on the raw (unnormalized) request path, while downstream compone…
openziti/zrok WebDAV Symlink Traversal Fix
github.com · 2026-05-08 · CVSS 8.7

Vulnerability Overview: This vulnerability affects the `drive` backend mode in the `openziti/zrok` project. Specifically, the `WebDAV` implementation has been updated to prevent symlink traversal b…
Kimai XLSX Formula Injection Vulnerability (CVE-2026-4257) Analysis
github.com · 2026-05-08

Vulnerability Summary: Formula Injection in XLSX Export. Vulnerability Overview. **Title**: Formula Injection via tag names in XLSX export. **Severity**: Moderate. **CVE ID**: CVE-2026-4257. **Vulnera…
zrok WebDAV Backend Symlink Following Allows Host Filesystem Read/Write (CVE-2026-42275)
github.com · 2026-05-08 · CVSS 8.7

WebDAV Drive Backend Follows Symlinks Outside DriveRoot, Leading to Host File System Read/Write Vulnerability. Vulnerability Overview. **Vulnerability Name**: WebDAV drive backend follows symlink…
Electron shell.openExternal Unvalidated Protocol Arbitrary Protocol Execution
github.com · 2026-05-08 · CVSS 9.6

Vulnerability Summary: Unvalidated `shell.openExternal` in Electron Leads to Arbitrary Protocol Execution. Overview: The terminal hyperlink handler in Electron passes URLs clicked by the user direc…
Electerm Path Traversal RCE via runWidget (CVE-2026-43940)
github.com · 2026-05-08 · CVSS 8.4

Vulnerability Overview. **Vulnerability Title**: Path traversal in electerm runWidget leads to arbitrary code execution. **CVE ID**: CVE-2026-43940. **CVSS v3 Score**: 9.4 / 10. **Severity**: High. **Rep…
Electron open-file Command Injection Fix Analysis
github.com · 2026-05-08 · CVSS 7.8

Vulnerability Overview: This vulnerability involves improvements to the `open-file` function within the `electron` project. Specifically, the issue lies in how file paths are handled, which could a…
electerm Deep Link Config Override Vulnerability Fix Analysis
github.com · 2026-05-08

Vulnerability Overview: This vulnerability affects the `parse-quick-connect.js` file in the `electerm` project. The issue, described as “Deep link support prop check,” arises from insufficient secu…
Electerm Arbitrary Local Code Execution via Deep Links/CLI (CVE-2020-43944)
github.com · 2026-05-08

Vulnerability Overview. **Vulnerability Name**: Arbitrary local code execution via deep links/CLI in electerm. **Vulnerability Description**: Attackers can trigger arbitrary local code execution v…
RCE via Path Traversal in session-local.js exec function
github.com · 2026-05-08

Vulnerability Summary. Vulnerability Overview: This vulnerability involves insufficient security checks on the path parameter of the `exec` function in the `src/app/server/session-local.js` file, a…
SUP Online Shopping V1.0 /admin/message.php SQL Injection Vulnerability
github.com · 2026-05-08 · CVSS 7.3

sourcecodester SUP Online Shopping Project V1.0 /admin/message.php SQL injection #11. Vulnerability Overview. **Vulnerability Type**: SQL Injection. **Affected Product**: SUP Online Shopping V1.…
CVE-2025-44298: Kimai Invoice PDF Renderer Arbitrary File Read
github.com · 2026-05-08 · CVSS 4.1

Vulnerability Summary: Arbitrary File Read in Invoice PDF Renderer (admin). Vulnerability Overview: This vulnerability exists in the `kimai/kimai` project. Users with the `System-Admin` role and th…
CVSS 7.3
Pre-Authentication SQL Injection in FilePress Shares filelist API
github.com · 2026-05-08

# [Security] Pre-Authentication SQL Injection in Shares filelist API #70 ## Vulnerability Summary A critical SQL injection vulnerability exists in the `filelist` API endpoint of the `shares` module in…

Read more
DzzOffice Pre-Auth SQL Injection in Share Endpoints (CVSS 9.8)
github.com · 2026-05-08 · CVSS 7.3

Vulnerability Summary. Overview. **Vulnerability Type**: SQL Injection (SQLi). **Severity**: Critical. **Authentication Required**: None (Pre-auth). **Attack Vector**: Network/Remote. **CVSS …
Pre-Auth SQL Injection in FilePress Shares filelist API
github.com · 2026-05-08 · CVSS 7.3

[Security] Pre-Authentication SQL Injection in Shares filelist API. Vulnerability Overview: The `filelist` API endpoint in FilePress contains a critical SQL injection vulnerability. The `order` par…
Discuz!X in_array weak type comparison bypass fix
github.com · 2026-05-08 · CVSS 7.3

Vulnerability Summary. Overview: This commit addresses a security issue regarding type comparison within the `in_array()` function. The original code utilized loose type comparison (the default beh…
Unauthenticated XSS in SourceCodester Pharmacy Sales and Inventory System V1.0
github.com · 2026-05-08 · CVSS 2.4

Vulnerability Summary. Overview. **Vulnerability Type**: Cross-Site Scripting (XSS). **Affected Product**: sourcecodester Pharmacy Sales and Inventory System Project V1.0. **Vulnerability Locat…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
