
Security Intel Hub 354 — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv | Advisories | VulnCheck
www.vulncheck.com · 2026-05-07

# Vulnerability Summary: OpenClaw Environment Variable Namespace Conflict ## Vulnerability Overview Prior to version 2026.4.20, OpenClaw failed to properly preserve the `OPENCLAW_` environment variabl…

OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation | Advisories | VulnCheck
www.vulncheck.com · 2026-05-07

# Vulnerability Summary ## Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) in Zalo Photo URL Validation * **Vulnerability ID**: VC-918 * **CVSS Score**: HIGH * **Publication Date…

OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL | Advisories | VulnCheck
www.vulncheck.com · 2026-05-07

# OpenClaw < 2026.4.5 - Second-Hop SSRF Vulnerability ## Vulnerability Overview OpenClaw contains a Server-Side Request Forgery (SSRF) vulnerability in the `CDP /json/version` WebSocket endpoint. Atta…

Release 0.23.3 · geopython/pygeoapi · GitHub
github.com · 2026-05-09

# Pygeoapi Security Vulnerability Summary ## Overview Pygeoapi 0.23.3 is a security update that resolves the following two vulnerabilities: - **GHSA-46pr-83pg-ghh6** - **GHSA-jgvc-94c8-3chc** ## Affec…

Division by zero crash when using non-default deferred retained message setting · Advisory · halfgaar/FlashMQ · GitHub
github.com · 2026-05-09

# Vulnerability Summary: FlashMQ Division by Zero Crash ## Overview - **Title**: Division by zero crash when using non-default deferred retained message setting - **CVE ID**: CVE-2026-42209 - **Severi…

Argo Workflows Credential Exposure via Log Leakage (CVE-2025-4235)
github.com · 2026-05-09

# Vulnerability Overview **Vulnerability Name**: Exposure of artifact repository credentials (CVE-2025-4235) **CVE ID**: CVE-2025-4235 **GHSA ID**: GHSA-7vf8-2drm-45m2 **Severity**: High **Affected Ve…

PHP ext-dom CVE-2026-7253 DoS via DOMNode::C14N()
github.com · 2026-05-10

# DoS attack via DOMNode::C14N() ## Vulnerability Overview - **CVE ID**: CVE-2026-7253 - **GHSA ID**: GHSA-4jhr-8w89-7733 - **CVSS Score**: 8.2 / 10 (High) - **Description**: Incorrectly removing an `…

Premium intel
CVSS 9.8
Traefik HTTP Client X-Forwarded Header Removal Vulnerability (CVE-2024-45410)
github.com · 2024-09-21

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Title**: HTTP client can remove the X-Forwarded headers - **S…

CVSS 4.4
Nextcloud Missing Password Confirmation for External Storage Changes (CVE-2024-52518)
github.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Missing password confirmation when chan…

GitHub OAuth Device Authorization XSS Vulnerability (CVE-2026-21618)
github.com · 2026-01-20

### Vulnerability Key Information #### Basic Information - **Type**: Cross-site scripting (XSS) - **Location**: OAuth Device Authorization screen - **Vulnerability ID**: GHSA-6cw9-5gg4-rhpj - **CVE**:…

CVE-2025-70457: Arbitrary File Upload in Sourcecodester Modern Image Gallery v1.0 Leading to RCE
github.com · 2026-01-27

## Vulnerability Key Information ### Vulnerability Name Arbitrary File Upload in Sourcecodester Modern Image Gallery v1.0 Leading to Remote Code Execution ### Vulnerability Severity - **Severity Level…

CVSS 8.1
jsPDF AcroForm Arbitrary JavaScript Execution via PDF Injection (CVE-2026-24737)
github.com · 2026-02-03

### Key Information **Vulnerability Name**: - PDF Injection in AcroForm module allows Arbitrary JavaScript Execution **Vulnerability ID**: - GHSA-pqxr-3g65-p328 - CVE-2026-24737 **Affected Versions**:…

Premium intel
CVSS 10.0
CVE-2026-25587: Sandbox Escape RCE in @nyariv/sandboxjs via Map.prototype
github.com · 2026-02-07

### Key Information Summary #### Vulnerability Overview - **Vulnerability ID**: GHSA-66h4-qj4x-38xp - **CVE Number**: CVE-2026-25587 - **Publisher**: nyariv - **Release Date**: Yesterday - **Severity*…

CVSS 8.1
RustFS CVE-2026-27607 Missing Post Policy Validation Arbitrary Object Write
github.com · 2026-02-25

## Critical Vulnerability Information ### Vulnerability Title Missing Post Policy Validation Leads to Arbitrary Object Write ### Identification - **CVE ID:** CVE-2026-27607 - **GitHub Advisor:** GHSA-…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
