Security Intel Hub 354 — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

DoQ worker pool does not bound stream backlog · Advisory · coredns/coredns · GitHub
github.com · 2026-05-06

# DoQ worker pool does not bound stream backlog ## Vulnerability Overview The DNS-over-QUIC (DoQ) server in CoreDNS suffers from a memory growth and goroutine leak vulnerability. When a remote client …

CVSS 7.4
Cyberduck/Mountain Duck SHA-1 Certificate Fingerprint Vulnerability (CVE-2024-41256) Advisory
github.com · 2025-07-06

### Key Information #### Vulnerability Overview - **Vulnerability Identifier**: SBA-ADV-20250325-02 - **Vulnerability Type**: Weak Hash Algorithm (CVE-2028: Use of Weak Hash) - **Affected Software**: …

CVSS 4.5
HashiCorp Vault kv-v2 Plugin Information Disclosure via Malformed Data (CVE-2025-52893)
github.com · 2025-07-06

From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Vulnerability Description**: SDK/framework vulnerability, preventing the leakage of additional …

CVSS 7.7
Rancher Fleet Sensitive Data Stored in Plaintext via Helm Values (CVE-2024-52284)
github.com · 2025-09-03

### Critical Vulnerability Information #### Vulnerability Overview - **CVE ID**: CVE-2024-52284 - **GHSA ID**: GHSA-9h9x-9j5v-7w9h - **Severity**: High (7.7/10) - **CVSS v3 Base Metrics**: - Attack Ve…

CVSS 10.0
enclave-vm Sandbox Escape via Host Error Prototype Chain (CVE-2026-22686)
github.com · 2026-01-20

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Sandbox Escape via Host Error Prototype Chain in enclave-vm - **CVE ID**: CVE-2026-22686 - **GHSA ID**: GHSA-7qm7-455j-5p63 ##…

CVSS 6.8
Tendenci Unrestricted Deserialization Vulnerability (CVE-2020-14942) Advisory
github.com · 2026-01-27

### Critical Vulnerability Information - **Vulnerability ID**: CVE-2020-14942 - **CVSS Score**: 9.3/10 (Critical Severity) - **Affected Versions**: - Tendenci Repository Issue: - GitHub Security Advis…

CVE-2025-24293: Rails Active Storage Command Injection via Image Processing
github.com · 2026-01-31

## Vulnerability Information ### Overview - **CVE ID:** CVE-2025-24293 - **GHSA ID:** GHSA-r4mg-4433-c7g3 - **Severity:** Critical (9.2/10) ### Vulnerability Details - **Package:** activestorage (Ruby…

Craft CMS CVE-2026-27129 IPv6 SSRF Protection Bypass via gethostbyname
github.com · 2026-02-24

CVSS 2.7
Nautobot REST API User Management Bypasses Password Validation (CVE-2026-34283)
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview **CVE-2026-34283**: The Nautobot REST API's user management functionality does not enforce Django password validators. When creating…

Stored XSS in Frappe LMS (CVE-2026-34806)
github.com · 2026-04-03

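# Frappe LMS Stored XSS Vulnerability (GHSA-rf5w-r34q-c7j2) **Vulnerability Overview** * **Vulnerability Name**: Stored XSS in Frappe LMS * **Severity**: Moderate * **CVE ID**: CVE-2026-34806 * **Description**: Frappe LMS contains a stored cross-site scripting (Stored XSS) vulnerability. **Affected Scope** …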

Helm v4.1.4 Security Fixes: Path Traversal, Unsigned Plugin Bypass
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** The Helm v4.1.4 release notes list three primary security fixes: 1. **GHSAl-hr2v-4r36-88hr**: Helm Chart extraction output directory collapse vulne…

Decidim v0.30.5 Security Update: CVE-2026-23891 Fix Guide
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-23891 - **Vulnerability Description**: This vulnerability involves a security issue; specific details will be released on March 30, 2026, wh…

CVSS 4.0
libcms2 Integer Overflow Vulnerabilities CVE-2026-41254/41255 with POC
www.openwall.com · 2026-04-30

### Vulnerability Overview - **CVE-2026-41254**: This is an integer overflow vulnerability affecting the `libcms2` library. The vulnerability allows attackers to trigger an integer overflow by constru…

test(GHSA-v37h-5mfm-c47c): add leak harvest history coverage (PoCs #1-6) · patriksimek/vm2@8d30d93 · GitHub
github.com · 2026-05-05

# GitHub Security Vulnerability Summary: GHSA-v37h-5a6f-c47c ## Vulnerability Overview - **Vulnerability ID**: GHSA-v37h-5a6f-c47c - **Vulnerability Type**: Node.js Security Vulnerability - **Affected…

Release V0.19.3 · enchant97/note-mark · GitHub
github.com · 2026-05-05

### Vulnerability Overview - **Version**: v0.19.3 - **Release Date**: 2 weeks ago - **Description**: A critical security vulnerability was discovered, which was introduced in version @.19.2. Relevant …

Release v0.17.14 · dadrus/heimdall · GitHub
github.com · 2026-05-08

# Vulnerability Summary ## Overview In version `v0.17.14`, Heimdall patched three recently discovered security vulnerabilities: 1. **Authorization Bypass Vulnerability**: Authorization bypass achieved…

PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated work
github.com · 2026-05-08

### Vulnerability Overview - **Vulnerability Name**: PraisonAI Legacy API Server with Default Disabled Authentication - **Vulnerability Description**: PraisonAI provides a default legacy Flask API ser…

CVSS 8.5
CraftCMS file:// Validation Bypass Leading to File Overwrite and Potential RCE
github.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Name**: Local File System Validation Bypass Leading to File O…

CVSS 7.7
lxml_html_clean XSS via SVG/Math context switching bypass (CVE-2024-52595)
github.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: HTML Cleaner allows crafted scripts in special contexts like svg or math…

Rust Cache Crate Thread Safety Vulnerability (RUSTSEC-2020-0128/CVE-2020-36448)
rustsec.org · 2025-11-08

This image is from the Rust Security Advisory Database. Here are the key points about the vulnerability: ### Key Information: - **Advisory ID:** RUSTSEC-2020-0128 - **Reported Date:** November 24, 202…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
