Security Intel Hub 26046+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 6.3
AstroBot File Upload Path Traversal Vulnerability Patch Analysis
github.com · 2026-05-22

# Vulnerability Summary ## Vulnerability Overview **Path Traversal Vulnerability** In the file upload functionality, insufficient security filtering of uploaded filenames allows attackers to construct…

CVSS 7.5
Mongoose NoSQL Injection Vulnerability in sanitizeFilter Mechanism
github.com · 2026-05-22

# Vulnerability Summary: Mongoose NoSQL Injection Vulnerability (GHSA-wpg8-53fq-2r8h) ## Vulnerability Overview An improper sanitization issue exists in Mongoose's `sanitizeFilter` query filtering mec…

CVSS 7.2
AWS SageMaker Python SDK v2.257.2 Triton HMAC Key Leakage Fix
github.com · 2026-05-22

# AWS SageMaker Python SDK Vulnerability Summary ## Vulnerability Overview In version v2.257.2 of the AWS SageMaker Python SDK, the following security vulnerabilities exist: 1. **Triton HMAC Key Leaka…

CVE-2026-39047 PrintHack Tool: POC for Printer Raw Socket Attack & DoS
github.com · 2026-05-22

### Vulnerability Overview * **Vulnerability ID**: CVE-2026-39047 * **Vulnerability Name**…

CVSS 5.9
kusto-sink-azure-kusto KQL Injection Vulnerability
github.com · 2026-05-22

# Vulnerability Summary: KQL Injection in TopicToTableMapping Configuration Values ## Vulnerability Overview In the `TopicToTableMapping` configuration, the `db`, `table`, `mapping`, and `format` fiel…

CVSS 7.2
AWS SageMaker SDK HMAC Secret Stored in Plaintext Leading to RCE (CVE-2025-8596)
github.com · 2026-05-22

# Vulnerability Summary: Plaintext Storage of HMAC Signing Key in Amazon SageMaker Python SDK ## Vulnerability Overview A security vulnerability exists in the `ModelBuilder/Serve` path of the Amazon S…

CVE-2025-44308: Spring Cloud AWS SNS Signature Verification Missing Allows Request Forgery
github.com · 2026-05-22

# Vulnerability Summary: Missing Signature Verification for Spring Cloud AWS SNS Messages ## Vulnerability Overview The SNS HTTP/HTTPS endpoint notification functionality in Spring Cloud AWS (involvin…

CVSS 7.2
CVE-2024-3597: AWS SageMaker Python SDK Insecure Deserialization RCE Vulnerability Advisory
github.com · 2026-05-22

# Vulnerability Summary: Missing Integrity Verification in Triton Inference Handler of Amazon SageMaker Python SDK ## Vulnerability Overview In the Amazon SageMaker Python SDK, the Triton inference ha…

Path Traversal Vulnerability in Pode Add-PodeStaticRoute
github.com · 2026-05-22

# Vulnerability Summary: Vulnerable Add-PodeStaticRoute #1667 ## Vulnerability Overview A path traversal vulnerability exists in the Pode static routing functionality. The `Add-PodeStaticRoute` functi…

CVSS 5.9
CVE-2024-42118: Improper Validation in Azure Data Explorer Kafka Connect Plugin Leading to KQL Injection
github.com · 2026-05-22

# Vulnerability Overview **Title**: Improper Handling of User-Controlled Configuration Values Leading to Tampering in Azure Data Explorer Kafka Connect Plugin **CVE ID**: CVE-2024-42118 **CVSS v3 Base…

CVSS 4.3
Backstage unprocessed endpoints info leak advisory: auth bypass
github.com · 2026-05-22

# Vulnerability Summary ## Vulnerability Overview **Title**: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks **Description**: The unprocessed e…

XSS in ip-address HTML-emitting methods
github.com · 2026-05-22

# XSS in Address6 HTML-emitting methods ## Vulnerability Overview The `Address6.group()` and `Address6.link()` methods do not escape user-controlled input when embedding it into HTML strings. In addition, the `parseMessage` property of the `AddressError` object thrown by the `Address6` constructor on invalid input may also contain unescaped user-controlled content, so…

CVSS 6.1
jsondiffpatch HTML Escaping Flaw Leading to XSS: Fix and POC Analysis
github.com · 2026-05-22

### Vulnerability Overview This vulnerability involves the improper escaping of HTML characters in the `annotated.ts` file of the `jsondiffpatch` library, leading to potential Cross-Site Scripting (XS…

CVSS 8.2
Prototype Pollution in jsondiffpatch via JSON Patch
github.com · 2026-05-22

# JSON Diff Patch Prototype Pollution Vulnerability Summary ## Vulnerability Overview This vulnerability exists in the `jsondiffpatch` library. Attackers can exploit a logic flaw in the library's hand…

CVSS 8.8
Litellm Management Endpoints Jinja2 Sandbox Escape & LFR Fix
github.com · 2026-05-22

# Vulnerability Summary ## Vulnerability Overview This commit fixes input validation issues in the management endpoints of the Litellm project. It primarily involves: - Fixing the sandbox environment …

CVSS 8.8
LiteLLM Bulk User Update Privilege Escalation Fix Analysis
github.com · 2026-05-22

# Vulnerability Summary ## Vulnerability Overview A permission verification flaw exists in the BerriAI/litellm project. In the bulk user update path, field-level permission checks were supposed to be …

CVSS 8.8
LiteLLM Proxy Authorization Bypass via allowed_routes Fields
github.com · 2026-05-22

### Vulnerability Overview This vulnerability involves insufficient permission checks on the `allowed_routes` and `allowed_passthrough_routes` fields, allowing non-admin users to bypass standard route…

LibJWT Algorithm Confusion JWT Forgery via RSA JWK Empty-key HMAC
github.com · 2026-05-22

### Vulnerability Overview **Vulnerability Name**: Algorithm confusion allows JWT forgery with RSA JWK as empty-key HMAC **Description**: - **LibJWT** accepts RSA JWKs without an `alg` parameter as ve…

CVSS 8.8
BOLA Vulnerability Analysis and Fix for API Endpoint Authorization
github.com · 2026-05-22

### Vulnerability Overview This vulnerability involves misaligned field-level checks in user and key update endpoints, leading to potential security issues. Specifically: 1. **User Role Modification P…

CVSS 8.8
LiteLLM Proxy Admin Privilege Escalation via allowed_routes Bypass Fix
github.com · 2026-05-22

### Vulnerability Overview This vulnerability involves the extension of permission checks for service accounts and the hardening of request body acceptance. Specifically, the vulnerability exists in t…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.