Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 163+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
Clear filters
Premium intel
High
openclaw CVE-2026-32013 Symlink Traversal RCE via agents.create/update
CVE-2026-32013 · github.com · 2026-04-10
openclaw <= 2026.2.22
Read more
High
Synology Chat Webhook Token Brute-force Vulnerability and Rate Limiting Fix
github.com · 2026-04-10
Synology Chat
Read more
High
Mattermost Gateway Endpoint Snapshot Credential Leakage Fix
github.com · 2026-04-10
openclaw/openclaw Gateway
Read more
High
Synology Chat Plugin Multi-Account Webhook Path Sharing Vulnerability and Fix
github.com · 2026-04-10
openclaw/synology-chat < 980940a
Read more
Medium
Plivo V2 Webhook Replay Attack Fix: Replay Key Generation Logic Update
github.com · 2026-04-10
openclaw/voice-call
Read more
High
Analysis of Authentication Bypass Vulnerability Fix in Gateway Canvas Route
github.com · 2026-04-10
openclaw openclaw@d5dc6b6
Read more
Premium intel
High
OpenWebUI Gateway Fix: X-Forwarded-For Spoofing and Device Pairing Authorization Bypass
github.com · 2026-04-10
OpenWebUI Gateway < unspecified
Read more
High
Twilio Voice Call Plugin Webhook DoS Fix: Pre-Auth Signature Verification
github.com · 2026-04-10
openclaw/openclaw voice-call plugin
Read more
High
openlaw-tools session_status Privilege Escalation Fix
github.com · 2026-04-10
openclaw/openclaw
Read more
High
Privilege Escalation Fix: auto-reply ACP config modification restricted to operator.admin
github.com · 2026-04-10
openclaw/openclaw
Read more
High
openclaw Google Chat integration fix for unauthorized access via deprecated group IDs
github.com · 2026-04-10
openclaw/openclaw
Read more
High
Gateway Session Kill API Insecure Direct Object Reference Fix and POC
github.com · 2026-04-10
openclaw < 02cf123
Read more
Premium intel
Unknown
Fix SSRF protection logic in fetch-guard: DNS pinning fallback when trusted proxy is unavailable
github.com · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** This commit resolves a conflict between DNS pinning logic and Trusted Environment Proxy logic within the `fetch-guard` module. *…

Read more
High
libxml2 CVE-2024-3818 Stack Overflow Vulnerability and POC Analysis
CVE-2024-3818 · github.com · 2026-04-04
libxml2 < 2.12.6
Read more
Medium
opencwlaw OAuth PKCE verifier leakage via state parameter
github.com · 2026-04-04
openclaw <2026.4.1
Read more
Premium intel
High
openapi-generator CLI RCE via x-enum-varnames in OpenAPI spec
github.com · 2026-04-03
openapi-generator-cli · openapi-generator
Read more
High
libxml2 CVE-2024-38288 Heap Buffer Overflow Vulnerability and Fix Analysis
CVE-2024-38288 · github.com · 2026-04-03
libxml2 all versions before fix
Read more
Medium
OpenClaw npm exec script preflight validation bypass vulnerability
github.com · 2026-04-03
openclaw <= 2026.4.1
Read more
High
GitLab CVE-2024-9385 Privilege Escalation via API Fix
CVE-2024-9385 · github.com · 2026-04-03
GitLab 16.0.0 to 16.10.0 · GitLab 16.11.0 to 16.11.2 …
Read more
Medium
OpenLaw npm package env var override bypasses system.run approval binding
github.com · 2026-04-03
openlaw < 2026.4.1
Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.