Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 6.5
Prosody XMPP Server Security Advisory: CVE-2025-9975/9976/9977 (DoS & Unauth Proxy)
www.openwall.com · 2026-05-01

# Prosody XMPP Server Security Advisory Summary (2026-04-29) ## Vulnerability Overview This advisory covers two security vulnerabilities in the Prosody XMPP server software: 1. **Denial of Service (Do…

CVSS 6.5
Prosody XMPP Security Advisory: DoS and mod_proxy65 Unauthorized Access Vulnerabilities
prosody.im · 2026-05-01

# Prosody XMPP Server Security Advisory Summary (2026-04-29) ## Vulnerability Overview This advisory covers two security vulnerabilities in the Prosody XMPP server software: 1. **Denial of Service (Do…

CVSS 5.3
XMPP XMPKILL Vulnerability: DoS via BadXML and Fix Configurations
blog.unionium.org · 2026-05-01

# XMPP Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: XMPKILL - **Description**: The attacker establishes a large number of valid XMPP connections and then sends unparseable…

CVSS 4.3
Insecure CORS Configuration Allowing Cross-Origin Data Theft and Cookie Overwrite
github.com · 2026-05-01

### Vulnerability Overview This vulnerability involves an insecure CORS (Cross-Origin Resource Sharing) policy that allows cross-origin attacks. In the `on_prepare` handler, the `Origin` request heade…

CVSS 4.3
MeTube Permissive CORS Policy Leads to RCE/SSRF (CVE)
github.com · 2026-05-01

# CVE Report: Cross-Origin Request Forgery via Permissive CORS Policy in alexta69/MeTube ## Vulnerability Overview * **Product Name**: MeTube (alexta69/metube) * **Affected Versions**: MeTube CORS PoC…

CVSS 4.3
Analysis of Cross-Site Attack Vulnerability Due to Loose CORS Policy in Socket.IO Application
github.com · 2026-05-01

# Vulnerability Summary: Lenient CORS Policy Allowing Cross-Site Attacks (#949) ## Vulnerability Overview The `on_prepare` handler unconditionally reflects the `Origin` request header into the `Access…

CVSS 4.3
MeTube Fix: Loose CORS Policy Allowing Cross-Site Attacks
github.com · 2026-05-01

### Vulnerability Overview - **Vulnerability Name**: Fix for overly permissive CORS policy allowing cross-site attacks - **Vulnerability Description**: Fixed an overly permissive CORS policy that allo…

CVSS 7.3
AstroBot Dashboard Hardcoded Credentials and Timing Attack Vulnerability
github.com · 2026-05-01

# Vulnerability Summary: AstroBot Dashboard Hardcoded Credentials and Timing Attack ## Overview * **Vulnerability Name**: AstroBot Dashboard Hardcoded Credentials and Timing Attack * **Severity Level*…

CVSS 4.7
MacCMSPro Plugin Management Arbitrary File Upload and RCE Vulnerability Analysis
github.com · 2026-05-01

# MacCMSPro Plugin Management Arbitrary File Upload Vulnerability Security Report #1 ## Vulnerability Overview MacCMSPro has a security vulnerability in its plugin management feature, allowing attacke…

CVSS 8.0
OpenStack Ironic Command Injection: Tenant-controlled Binary Execution in chroot via grub-install
bugs.launchpad.net · 2026-05-01

# Vulnerability Summary: Command Injection via Tenant-Controlled Binary Execution in chroot ## Vulnerability Overview - **Vulnerability Type**: Command Injection - **Severity**: Critical - **Trigger M…

CVSS 7.9
OpenStack Keystone EC2 Credential Project Scope Escalation via /v3/ec2tokens
bugs.launchpad.net · 2026-05-01

### Vulnerability Overview **Vulnerability Name**: Generic EC2 credential creation allows application credentials to escape fixed project scope via /v3/ec2tokens **Vulnerability Description**: In Open…

CVSS 7.9
OpenStack Keystone EC2 Credential Project ID Mismatch Vulnerability
review.opendev.org · 2026-05-01

### Vulnerability Overview This vulnerability involves the failure to enforce application credential project boundaries within the EC2 credential path. Specifically, the `/v3/credentials` endpoint doe…

Buffer Overflow in APRSISClient::hashCallsign and Fix
github.com · 2026-05-01

### Vulnerability Overview The provided screenshot displays a C++ code file named `APRSISClient.cpp`, which contains a potential buffer overflow vulnerability. The vulnerability is located in the `has…

JS8Call Stack Overflow in APRS Grid Processing (CVSS 7.5)
github.com · 2026-05-01

# JS8Call Stack Overflow Vulnerability When Processing APRS GRID ## Vulnerability Overview JS8Call has a stack overflow vulnerability when processing grid data. When using an `@aprs GRID*` message con…

CVSS 7.3
SQL Injection in Electronic Judging System V1.0 Login (intrams/login.php) with POC
github.com · 2026-05-01

# ITSOURCECODE Electronic Judging System Project V1.0 SQL Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability Type**: SQL Injection * **Affected Product**: Electronic Judging S…

CVSS 4.7
GYM MANAGEMENT SYSTEM SQL Injection Vulnerability Analysis
fox-byte.yuque.com · 2026-05-01

# Vulnerability Summary: GYM MANAGEMENT SYSTEM (SQL Injection) ## Overview * **Vulnerability Type**: SQL Injection * **Risk Level**: Critical * **Affected Endpoint**: `/admin/edit_exercises.php` * **A…

CVSS 7.3
Unauthenticated SQL Injection in Pharmacy Sales and Inventory System V1.0
github.com · 2026-05-01

# Vulnerability Summary: sourcecodedoster Pharmacy Sales and Inventory System SQL Injection ## Vulnerability Overview * **Product Name**: Pharmacy Sales and Inventory System Project V1.0 * **Vulnerabi…

CVSS 7.3
Unauthenticated SQL Injection in Pharmacy Sales and Inventory System V1.0
github.com · 2026-05-01

# Vulnerability Summary: Pharmacy Sales and Inventory System V1.0 SQL Injection ## Overview * **Vulnerability Name**: Pharmacy Sales and Inventory System Project V1.0 `/ajax.php?action=delete_customer…

CVSS 9.8
TOTOLINK NR1800X Stack Overflow via Host Header (PoC)
github.com · 2026-05-01

# TOTOLINK NR1800X Firmware Stack Overflow Vulnerability Summary ## Vulnerability Overview A stack overflow vulnerability exists in the HTTP request parsing logic of the TOTOLINK NR1800X firmware. An …

CVSS 8.8
TOTOLINK NR1800X Command Injection in cstecgi.cgi with POC
github.com · 2026-05-01

# TOTOLINK NR1800X Command Injection Vulnerability Summary ## Vulnerability Overview In the `setussd` processing path of `cstecgi.cgi`, the `ussd` parameter is directly concatenated into a command str…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.