Security Intel Hub 354— Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 6.4
Zed Editor MCP Tool Parameter Disclosure Vulnerability (CVE-2026-25805)
github.com · 2026-02-11

### Vulnerability Overview - **Vulnerability Title**: Parameter Values are not shown for MCP Tool Calls. User…

CVSS 8.1
Caido DNS Rebind Bypass Leading to RCE (CVE-2026-24853)
github.com · 2026-02-21

### Key Information Summary #### Vulnerability Overview - **Vulnerability Name**: Insufficient patch for DNS rebind leading to RCE - **Vulnerability ID**: GHSA-3q5q-p8vj-8783 - **CVE ID**: CVE-2026-24…

tfplan2md Sensitive Value Exposure Vulnerability (CVE-2026-27640)
github.com · 2026-02-25

- **Vulnerability Type**: Sensitive Value Exposure in Generated Reports - **Affected Package**: tfplan2md - **Affected Versions**: < v1.26.1 - **Patched Versions**: v1.26.1 - **Impact**: Caused report…

CVSS 8.6
Octo-STS CVE-2025-52477 Unauthenticated SSRF via OIDC Flow
github.com · 2025-07-06

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow - **Severity**: High (8.6/10) - **CVE ID**: CVE-2025-524…

FreePBX Endpoint Manager Arbitrary File Upload Vulnerability (CVE-2025-61678)
github.com · 2025-10-15

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: Authenticated Arbitrary File Upload in Endpoint Manager - **CVE ID**: CVE-2025-61678 - **GHSA ID**: GHSA-7p8x-8m3m-58j9 …

CVSS 8.1
HedgeDoc <1.9.0 Slide Mode XSS Vulnerability (CVE-2021-39175)
github.com · 2025-11-07

### Key Information - **Vulnerability Name**: XSS vector in slide mode speaker-view - **Publisher**: davidmehren - **GHSA ID**: GHSA-j748-779h-9697 - **Release Date**: Aug 30, 2021 - **Severity**: Hig…

golang.org/x/crypto CVE-2025-22869 DoS via Slow Key Exchange
github.com · 2025-11-14

### Key Information - **Vulnerability Title:** golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange - **CVE ID:** CVE-2025-22869 - **GHSA ID:** GHSA-hcg3-q754-…

CVSS 7.5
CVE-2025-61684: quickly library DoS via invalid QUIC frame assertion failure
github.com · 2026-01-20

### Vulnerability Overview - **Package**: quickly - **CVE ID**: CVE-2025-61684 - **GHSA**: GHSA-wr3c-345m-43v9 - **Severity**: High (7.5/10) ### Impact - **Affected versions**: commits up to 5d08216 -…

Multer DoS via Resource Exhaustion (CVE-2026-2359) Advisory
github.com · 2026-02-28

## Key Vulnerability Information ### Vulnerability Title **Multer vulnerable to Denial of Service via resource exhaustion** ### Vulnerability ID **GHSA-v52c-386h-88mc** **CVE-2026-2359** ### CVSS v4.0…

CVSS 8.2
jq CVE-2026-3316 Integer Overflow Leading to Heap Buffer Overflow
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Name**: Integer overflow in `jvp_string_append` and `jvp_string_copy_replace_bad` allows heap buffer overflow - **CVE ID**: CVE-2026-3316 - **GHSA…

Plug.Cowboy Unauthenticated Remote DoS via HTTP/2 Atom Table Exhaustion (CVE-2025-3288)
github.com · 2026-04-27

# Vulnerability Overview **Title**: Unauthenticated remote DoS in Plug.Cowboy via HTTP/2 `:scheme` atom-table exhaustion **Severity**: High (8.7 / 10) **CVE ID**: CVE-2025-3288 **Reporter**: Peter Ull…

OpenClaw < 2026.4.4 - Rate-Limit Bypass via Concurrent Async Authentication Attempts | Advisories | VulnCheck
www.vulncheck.com · 2026-04-29

# OpenClaw < 2026.4.4 - Concurrent Asynchronous Authentication Attempts Bypass Rate Limiting ## Vulnerability Overview OpenClaw versions prior to 2026.4.4 contain a race condition vulnerability. This …

CVSS 7.5
Apollo GraphQL CVE-2024-43783/43414 Vulnerability Advisory
github.com · 2024-08-29

1. **Vulnerability IDs**: - **CVE-2024-43783**: Payload limits may exceed configured maximum - **CVE-2024-434…

CVSS 8.0
containerd CVE-2021-43816: Unprivileged Pod hostPath SELinux Bypass
github.com · 2025-11-13

### Critical Vulnerability Information #### Vulnerability Title containerd CRI plugin: Unprivileged pod using `hostPath` can side-step SELinux #### Release Information - **Released by**: dmcgowan - **…

CVSS 3.7
Envoy CONNECT Request Sync State Vulnerability (CVE-2025-64763) and Fix
github.com · 2025-12-04

## Vulnerability Overview - **CVE ID**: CVE-2025-64763 - **GHSA ID**: GHSA-rj35-4m94-77jh - **Publisher**: phlax - **Release Time**: 11 hours ago - **Severity**: Low (3.7/10) ## Vulnerability Details …

CVSS 8.8
Authd PAM Module User Impersonation Vulnerability (CVE-2024-9313)
github.com · 2024-10-07

1. **Vulnerability Description**: - **Vulnerability Name**: PAM module may allow accessing with the…

CVSS 7.1
Firebird CVE-2025-24975 Unauth Access to Encrypted DB via ExtConnPool
github.com · 2025-08-16

### Critical Vulnerability Information #### Vulnerability Title - **Non-authorized (without secret key) access to encrypted database using execute statement on external.** #### Severity - **Severity**…

CVSS 5.3
Tuleap CVE-2024-23344 Unauthorized Artifact Readability Vulnerability Advisory
github.com · 2025-11-08

### Vulnerability Key Information #### Vulnerability Description - **Name**: Content of artifacts might be readable by unauthorized users - **CVE ID**: CVE-2024-23344 - **Publisher**: LeSuisse - **Rel…

CVSS 7.5
cyclonedx-core-java XXE Vulnerability (CVE-2025-64518) Advisory
github.com · 2025-11-11

### Vulnerability Key Information #### Vulnerability Name BOM validation is vulnerable to XML External Entity injection #### Severity - **Level**: High - **CVSS v3 base metrics** - Attack vector: Netw…

CVSS 8.7
iTop Webhook Database Drop Vulnerability (CVE-2025-49145)
github.com · 2025-11-11

### Vulnerability Key Information #### Vulnerability Title iTop admin can drop iTop database using webhooks #### Publisher and Publication Time - **Publisher**: BenGrenoble - **Publication Time**: 16 …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
