Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Premium intel
CVSS 8.8
OpenHarness /bridge Command Remote Code Execution Fix
github.com · 2026-05-01

# [security] fix(commands): keep bridge local-only by default #208 ## Vulnerability Overview This PR addresses a security vulnerability in the `/bridge` command within OpenHarness. The command allows …

Premium intel
CVSS 8.8
OpenHarness: Fix Remote Command Execution Risk by Defaulting Bridge Commands to Local-Only
github.com · 2026-05-01

### Vulnerability Overview This vulnerability involves the OpenHarness project, where bridge commands are set to local-only by default. This change aims to prevent the accidental execution of remote m…

CVSS 4.8
Exim SPA Auth Buffer Uninitialized & Out-of-Bounds Write (CVE-2026-40687)
code.exim.org · 2026-05-01

### Vulnerability Overview - **Vulnerability Name**: CVE-2026-40687 - **Vulnerability Type**: Improper Buffer Usage - **Description**: The SPA authenticator in Exim uses an uninitialized buffer, which…

CVSS 5.9
Exim CVE-2026-40684 Remote Crash via DNS Parsing in musl libc
code.exim.org · 2026-05-01

# Vulnerability Summary: Exim CVE-2026-40684 ## Vulnerability Overview * **Vulnerability ID**: CVE-2026-40684 * **Vulnerability Type**: Remote-triggered crash * **Trigger Conditions**: When Exim uses …

CVSS 3.7
Exim CVE-2026-40686 Heap Corruption Vulnerability Analysis and Fix
code.exim.org · 2026-05-01

# Vulnerability Summary: Exim CVE-2026-40686 ## Vulnerability Overview - **Vulnerability ID**: CVE-2026-40686 - **Vulnerability Type**: Heap Corruption - **Trigger Conditions**: When Exim receives mal…

CVSS 3.5
LinkStack <=4.8.6 Stored XSS Vulnerability Analysis
github.com · 2026-05-01

# CVE Report: LinkStack Stored Cross-Site Scripting Vulnerability (Stored XSS) ## Vulnerability Overview * **Product Name**: LinkStack (LinkStackOrg/LinkStack) * **Affected Versions**: pageDescription…

Traefik v2.11.43 Fixes Multiple Middleware AuthN/AuthZ Vulnerabilities (CVE-2026-40912, etc.)
github.com · 2026-05-01

### Vulnerability Overview In `traefik` version `v2.11.43`, multiple security vulnerabilities (CVEs) exist, primarily involving authentication and authorization issues within middleware. These vulnera…

Traefik v2.11.43 Chain Middleware Cross-Namespace Reference Configuration Issue
github.com · 2026-05-01

### Vulnerability Overview This vulnerability involves the `allowCrossNamespace` configuration option in Traefik. In version v2.11.43, the `Chain` middleware now supports the `allowCrossNamespace` opt…

Traefik v3.7.0-rc.2 Multiple CVE Vulnerability Fixes
github.com · 2026-05-01

# Traefik v3.7.0-rc.2 Vulnerability Remediation Summary ## Vulnerability Overview This version fixes multiple security vulnerabilities (CVEs), primarily affecting various components and middleware of …

Traefik Kubernetes CRD Cross-Namespace Middleware Binding Bypass (CVE-2025-41174)
github.com · 2026-05-01

# Traefik Kubernetes CRD Allows Unauthorized Cross-Namespace Middleware Binding ## Vulnerability Overview The Kubernetes CRD provider in Traefik has a potential vulnerability in the enforcement of cro…

Traefik ForwardAuth Authentication Bypass via X-Forwarded-Prefix (CVE-2026-3551)
github.com · 2026-05-01

# Traefik ForwardAuth Trusts Forged X-Forwarded-Prefix to Bypass Authentication ## Vulnerability Overview The `ForwardAuth` middleware in Traefik has a high-severity authentication bypass vulnerabilit…

Traefik StripPrefixRegex Authentication Bypass Vulnerability (CVE-2024-40912)
github.com · 2026-05-01

# Traefik StripPrefixRegex Authentication Bypass Vulnerability Summary ## Vulnerability Overview A high-severity authentication bypass vulnerability exists in Traefik's `StripPrefixRegex` middleware w…

Premium intel
CVSS 7.2
SSCMS v7.4.0 Unauthorized SQL Injection in /api/st/actions/dynamic
github.com · 2026-05-01

# Vulnerability Overview **Vulnerability ID**: #3891 **Vulnerability Type**: Unauthorized SQL Injection **Status**: Open (Public) **Discovered by**: hss94531 **Vulnerability Details**: Code auditing r…

CVSS 6.5
OSPF TE/SR TLV Integer Overflow Vulnerability Fix Analysis
github.com · 2026-05-01

# OSPF TE/SR TLV Parsing Vulnerability Fix Summary ## Vulnerability Overview This vulnerability exists in the TE (Traffic Engineering) and SR (Segment Routing) TLV (Type-Length-Value) parsers of the O…

CVSS 6.5
OSPF Buffer Overflow Vulnerability Fix Analysis
github.com · 2026-05-01

# Vulnerability Summary ## Vulnerability Overview This commit fixes multiple **buffer overflow vulnerabilities** in the implementation of the OSPF (Open Shortest Path First) protocol. These vulnerabil…

CVSS 6.5
FRRouting 10.5.3 Security Vulnerability Fixes Summary
github.com · 2026-05-01

# FRRouting 10.5.3 Vulnerability Fix Summary ## Vulnerability Overview FRRouting version 10.5.3 fixes multiple security vulnerabilities, primarily involving memory safety, boundary checks, and protoco…

CVSS 8.7
ApostropheCMS Stored XSS Vulnerability (CVE-2026-35569) with POC
github.com · 2026-05-01

# CVE-2026-35569 Vulnerability Summary ## Vulnerability Overview **CVE-2026-35569** is a Stored Cross-Site Scripting (Stored XSS) vulnerability present in **ApostropheCMS**. The vulnerability resides …

Premium intel
CVSS 7.2
OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials
github.com · 2026-05-01

# OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials ## Vulnerability Overview Amazon Elastic Container Service (Amazon ECS) contains a security vulnerability. Und…

CVSS 4.6
SSCMS v7.4.0 Unauthenticated Reflected XSS Vulnerability (#3892)
github.com · 2026-05-01

### Vulnerability Overview - **Vulnerability Type**: Reflected XSS (Cross-Site Scripting) - **Vulnerability ID**: #3892 - **Status**: Open - **Reporter**: hss94531 - **Editor**: hss94531 - **Report Ti…

OpenSGS v2.7.3 NGAP Assertion Failure Crash Fix
github.com · 2026-05-01

# OpenSGS Vulnerability Summary ## Vulnerability Overview - **Title**: Assertion failure in `ngap_build_pdu_session_resource_modify_transfer` during PDU Session Modification request - **Issue ID**: #3…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
