Security Intel Hub 354— Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 8.3
XWiki Confluence Bridges RCE via Velocity Execution (CVE-2025-65036)
github.com · 2025-12-06

### Vulnerability Key Information #### Title - **Remote code execution using the confluence details summary macro** #### Reference - **GHSA-472x-fwh9-r82f** #### Severity - **Severity: High 8.3 / 10**…

CVSS 7.8
SumatraPDF Untrusted Search Path Vulnerability (CVE-2026-25880) Analysis
github.com · 2026-02-10

### Vulnerability Key Information #### Vulnerability Details - **Name**: Untrusted Search Path in SumatraPDF Reader (explorer.exe on Windows) - **Identifier**: GHSA-5x4h-247q-px37 - **CVE ID**: CVE-20…

Coroutine stack-to-heap overflow via unbounded recursion in NAR directory parser · Advisory · NixOS/nix · GitHub
github.com · 2026-05-05

# Vulnerability Summary: Coroutine Stack Overflow in NAR Directory Parser ## Vulnerability Overview - **Vulnerability Name**: Coroutine stack-to-heap overflow via unbounded recursion in NAR directory …

CVSS 7.8
PHPUnit Argument Injection via Newline in INI Values (CVE-2026-24785)
github.com · 2026-05-08

# PHP Vulnerability Summary: Argument Injection via Newline in PHP INI Values Forwarded to Child Processes ## Vulnerability Overview PHP does not escape meta-characters when forwarding `php.ini` setti…

CVSS 7.8
PHPUnit PHP -d Parameter INI Injection Vulnerability Analysis
github.com · 2026-05-08

### Vulnerability Overview In PHP, when INI settings are passed to child processes via the `-d` argument, certain special characters (such as `;` and `"`) are not preserved. This can lead to INI direc…

CVSS 7.9
Canonical Juju CVE-2024-8038 Local DoS via Unauthenticated UNIX Socket
www.cve.org · 2024-10-03

### Key Information #### CVE-2024-8038 - **CNA (Canonical Ltd.)** - **Published**: 2024-10-02 - **Updated**: 2024-10-02 #### Description - **Vulnerable juju introspection abstract UNIX domain socket**…

CVSS 7.5
CVE-2024-7592: CPython Cookie Parsing DoS Vulnerability
github.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: There is a LOW severity vulnerability affecting CPython, ... 2. **Vulner…

CVSS 4.5
Rust transpose library integer overflow leading to out-of-bounds write (CVE-2023-53156)
github.com · 2025-07-30

### Critical Vulnerability Information #### Vulnerability Overview - **CVE ID**: CVE-2023-53156 - **GHSA ID**: GHSA-5gmm-6m36-r7j - **Severity**: Medium (4.5/10) - **Release Date**: April 5, 2024 - **…

CVE-2025-54801: Go Fiber BodyParser Out-of-Bounds Slice Allocation DoS
github.com · 2025-08-07

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Crash in `BodyParser` Due to Unvalidated Large Slice Index in Decoder - **CVE ID**: CVE-2025-54801 - **GHSA ID**: GHSA-qx2q-88…

XWiki Blog Plugin RCE via Script Macro (CVE-2025-58365)
github.com · 2025-09-10

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: Privilege escalation (PR) from account through blog content - **CVE ID**: CVE-2025-58365 - **GHSA ID**: GHSA-gwj6-xpfg-p…

containerd CRI Attach Goroutine Leak Memory Exhaustion Vulnerability (CVE-2025-64329)
github.com · 2025-11-09

### Key Information Summary #### Vulnerability Overview - **Title**: Host memory exhaustion through goroutine leaks of Attach functionality in CRI server - **GHSA ID**: GHSA-m6hq-p25p-ffr2 - **CVE ID*…

CVSS 8.1
OpenOlat Path Traversal Leading to Code Execution (CVE-2021-39180)
github.com · 2025-11-11

## Summary **Vulnerability**: Path Traversal in Archive Handling Leading to Code Execution **GHSA ID**: GHSA-x95v-2pgj-9x8j **CVE ID**: CVE-2021-39180 **Severity**: High **Published Date**: Aug 31, 20…

CVSS 3.1
Nextcloud user_saml Open Redirect via RelayState (CVE-2024-22400)
github.com · 2025-11-11

### Key Information **Vulnerability Title**: Open redirect in user_saml via RelayState parameter **CVE ID**: CVE-2024-22400 **GHSA ID**: GHSA-622q-xhfr-xmv7 **Release Date**: Jan 18, 2024 **Severity**…

CVSS 7.7
Aiven BigQuery Sink Connector Arbitrary File Read/SSRF Vulnerability (CVE-2026-23529)
github.com · 2026-01-20

## Critical Vulnerability Information ### Vulnerability Description - **Vulnerability Name**: Arbitrary File Read in Google BigQuery Sink connector - **CVE ID**: CVE-2026-23529 - **GHSA ID**: GHSA-3mg…

CVSS 8.2
node-tar Arbitrary File Read/Overwrite via Hardlink Path Traversal (CVE-2026-24842)
github.com · 2026-01-28

From this webpage screenshot, the following key information about the vulnerability can be obtained: ### Vulnerability Summary - **Vulnerability Name**: Arbitrary File Read/Overwrite via Hardlink Path…

Claude Code Symbolic Link Permission Bypass (CVE-2026-25724)
github.com · 2026-02-07

### Vulnerability Key Information - **Vulnerability Name**: Permission Deny Bypass Through Symbolic Links - **CVE ID**: CVE-2026-25724 - **GHSA ID**: GHSA-4q92-rfm6-2cqxl - **Publisher**: ddwroken - *…

CVSS 7.1
OpenSift SSRF Vulnerability (CVE-2026-27170) Fix Details
github.com · 2026-02-21

### Vulnerability Key Information #### Vulnerability Description - **Vulnerability Name**: SSRF risk in OpenSift URL ingestion endpoint - **CVE ID**: CVE-2026-27170 - **Release Date**: 2 days ago - **…

Boltz Insecure Deserialization RCE (CVE-2025-70560)
github.com · 2026-02-21

### Key Information - **Vulnerability Title** - Boltz contains an insecure deserialization vulnerability in its molecule loading functionality - **CVE ID** - CVE-2025-70560 - **GHSA ID** - GHSA-fjm6-8…

free5GC SMF PFCP Null Pointer Dereference DoS (CVE-2026-25501)
github.com · 2026-02-24

CVSS 4.9
sealed-secrets CVE-2026-22728: rotate endpoint widens sealing scope to cluster-wide
github.com · 2026-02-26

### Key Information **Vulnerability Title**: `sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations` **GHSA ID**: `GHSA-465p-v42x-3fmj` **CVE I…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
