Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 8.8
WP Editor <=1.2.9.2 CSRF to RCE and Historical Vulnerabilities Summary
www.wordfence.com · 2026-05-02

# WP Editor <= 1.2.9.2 Vulnerability Summary ## Vulnerability Overview * **Vulnerability Type**: Remote Code Execution (RCE) caused by Cross-Site Request Forgery (CSRF). * **CVSS Score**: 8.8 * **Root…

CVSS 6.3
yii2-mcp-server 1.0.2 Command Injection Vulnerability Analysis
github.com · 2026-05-02

# Yii2-MCP-Server Command Injection Vulnerability Summary ## Vulnerability Overview A command injection vulnerability (CWE-78) was discovered in `yii2-mcp-server` version 1.0.2. The vulnerability exis…

CVSS 6.3
Yii2-MCP-Server Command Injection Vulnerability Analysis and Fix
github.com · 2026-05-02

# Yii2-MCP-Server Command Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Yii2-MCP-Server Command Injection Vulnerability (CVE ID Request) * **Vulnerability Type**:…

CVSS 6.3
hwxp-mcp-server Arbitrary File Write Vulnerability (CVE-73) Analysis and Fix
github.com · 2026-05-02

# Vulnerability Summary: Arbitrary File Write Vulnerability in hwxp-mcp-server ## Vulnerability Overview * **Vulnerability Name**: Arbitrary File Write Vulnerability in hwxp-mcp-server (CVE-73) * **Vu…

CVSS 6.3
hwpx-mcp-server Arbitrary File Write Vulnerability Analysis
github.com · 2026-05-02

# Vulnerability Summary: hwpx-mcp-server Arbitrary File Write Vulnerability ## Vulnerability Overview * **Vulnerability Name**: hwpx-mcp-server Arbitrary File Write Vulnerability (CVE ID Request) * **…

CVSS 6.3
mem0 FAISS Vector Store Pickle Deserialization RCE Vulnerability and Fix
github.com · 2026-05-02

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Arbitrary Code Execution via Pickle in FAISS Vector Store - **Vulnerability Description**: There is a risk of arbitrary code…

CVSS 6.3
mem0 Unsafe Deserialization RCE via pickle.load in FAISS Index
github.com · 2026-05-02

# [Security] Code Execution via Unsafe Deserialization #3778 ## Vulnerability Overview In the `mem0` project, due to the use of the insecure `pickle.load()` function for deserialization, there is a re…

CVSS 6.3
Fix Unsafe Pickle Deserialization RCE in FAISS Vector Store
github.com · 2026-05-02

### Vulnerability Overview - **Vulnerability Name**: Unsafe Pickle Deserialization in FAISS Vector Store - **Vulnerability Type**: Remote Code Execution (RCE) - **Vulnerability Description**: In the `…

CVSS 4.3
Stored XSS in UI/UX Pro Max Skill (uipro-cli) via JSON Input
github.com · 2026-05-02

# Slide Generator Multiple Stored XSS Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Slide Generator Multiple Stored XSS (46 Injection Points) * **Vulnerability ID**: #247 *…

CVSS 4.3
Ultimate Dashboard <= 3.8.14 CSRF Vulnerability Allows Module Activation/Deactivation
www.wordfence.com · 2026-05-02

# Vulnerability Summary: Cross-Site Request Forgery in Ultimate Dashboard <= 3.8.14 Leading to Module Activation/Deactivation ## Vulnerability Overview The Ultimate Dashboard plugin contains a Cross-S…

Bandit WebSocket fragmented message DoS fix and config
github.com · 2026-05-02

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves the handling of fragmented frames in the WebSocket protocol. Specifically: - There is no limit on the maximum length of fr…

CVE-2026-42786: Bandit WebSocket Unbounded Fragment Accumulation OOM Vulnerability
github.com · 2026-05-02

# Bandit Buffer Overflow Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Bandit Unterminated WebSocket Continuation Frame Buffer Overflow Leading to OOM Host Kill - **CVE ID*…

CVSS 7.3
Arbitrary File Write Vulnerability in mcp-game-asset-gen (CWE-73) Analysis and Fix
github.com · 2026-05-02

# Vulnerability Summary: Arbitrary File Write Vulnerability in mcp-game-asset-gen ## Vulnerability Overview * **Vulnerability Name**: Arbitrary File Write Vulnerability in mcp-game-asset-gen (CVE-73) …

Bandit HTTP/2 Frame Size Limit Bypass Leading to Memory Exhaustion DoS
github.com · 2026-05-02

# Summary of Bandit Memory Exhaustion Vulnerability Due to HTTP/2 Frame Size Limit Bypass ## Vulnerability Overview Bandit's HTTP/2 parser checks the frame size limit only after the complete frame bod…

CVSS 6.3
Code Injection RCE in UI/UX Pro Max Skill (uipro-cli) via Tailwind Config Generator
github.com · 2026-05-02

# Tailwind Config Generator Code Injection Leads to RCE (#246) ## Vulnerability Overview * **Vulnerability Type**: Code Injection (CWE-94) * **Severity**: Critical (CVSS 9.3) * **Affected Product**: U…

CVSS 7.3
Command Injection in Sunwood-ai-labs command-executor-mcp-server (CWE-78)
github.com · 2026-05-02

# Vulnerability Summary: command-executor-mcp-server Command Injection Vulnerability ## Overview * **Vulnerability Type**: Command Injection (CWE-78) * **Vulnerability ID**: GitHub Issue #6 * **Affect…

Bandit WebSocket max_inflate_ratio fix for inflate bomb DoS
github.com · 2026-05-02

### Vulnerability Overview This vulnerability involves setting a `max_inflate_ratio` limit in compressed WebSocket frames to prevent “inflate bomb” attacks. An attacker can send small compressed messa…

Bandit HTTP Server Multiple Content-Length Header Validation Fix
github.com · 2026-05-02

# Vulnerability Summary ## Overview This vulnerability involves an issue when handling multiple `Content-Length` headers in HTTP requests. When a request contains multiple `Content-Length` headers, th…

Bandit HTTP/2 Transport/Protocol Confusion Vulnerability Fix
github.com · 2026-05-02

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves a **confusion issue between the transport layer and protocol layer** in the HTTP/2 protocol. An attacker can craft special…

CVSS 6.3
Code Injection RCE in tailwind_config_gen.py _format_plugins
github.com · 2026-05-02

# Vulnerability Summary ## Overview - **Vulnerability Type**: Code Injection - RCE Vulnerability - **CVSS Score**: 9.3 (Critical) - **Report ID**: #246 - **Fix PR**: #275 ## Impact Scope - **Affected …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
