Security Intel Hub 25435+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Termix SSH Command Injection Vulnerability (CVE-2026-4253) Analysis and POC
github.com · 2026-05-09

# Vulnerability Summary: Termix-SSH Command Injection Vulnerability ## Vulnerability Overview A command injection vulnerability exists in the `extractArchive` and `compressFiles` endpoints due to the …

CVSS 8.1
TOTP Pending-Temp Token Allows Backup Code Regeneration and 2FA Bypass
github.com · 2026-05-09

### Vulnerability Overview **Vulnerability Name**: Pending-TOTP temporary token allows regeneration of backup codes, neutralizing TOTP **Vulnerability Description**: - On the `/users/login` endpoint, …

CVSS 4.3
anything-llm IDOR Vulnerability: Cross-User TTS Audio Disclosure
github.com · 2026-05-09

# Vulnerability Summary: Cross-User TTS Audio Disclosure via Chat ID (IDOR) ## Vulnerability Overview In the **Mintplex-Labs/anything-llm** project, an **Insecure Direct Object Reference (IDOR)** vuln…

CVSS 6.3
Grimmory Stored XSS via Malicious EPUB: Session Token Theft Analysis
github.com · 2026-05-09

# Stored XSS Vulnerability: Session Token Theft via Malicious EPUB ## Vulnerability Overview Grimmory's browser-based EPUB reader contains a stored Cross-Site Scripting (XSS) vulnerability. Attackers …

CVSS 6.6
Vim Heap Buffer Overflow in Spell File Loading (CVE-2026-4530)
github.com · 2026-05-09

# Vulnerability Summary: Heap Buffer Overflow in Vim Spell File Loading ## Vulnerability Overview - **Vulnerability Name**: Heap Buffer Overflow in spell file loading affects Vim When `todo` is suffic…

Premium intel
CVSS 9.9
Termix SSH OS Command Injection Vulnerability (CVE-2025-42454) Analysis
github.com · 2026-05-09

# Termix SSH OS Command Injection Vulnerability Summary ## Vulnerability Overview The Docker container management endpoint in Termix SSH is vulnerable to OS command injection. An attacker can execute …

CVSS 6.6
Vim spellfile.c Heap Buffer Overflow in read_compound
github.com · 2026-05-09

### Vulnerability Overview A heap buffer overflow vulnerability exists in the `read_compound()` function in `spellfile.c`. The vulnerability occurs when the regular-expression pattern buffer size is computed using signed integer arithmetic. When the attacker-controlled `SN_COMPOUND` section length exceeds 400000000 bytes and UTF-8 encoding is active, the multiplication wraps around to 27, causing the per-byte loop to write more than 18 bytes and overflow the heap. ### Impact Scope - *…

Vim path option backtick command execution vulnerability fix
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: The `path` option in `vim/vim` may lead to command execution. - **Problem Description**: When backticks are included in the `path` option, shell co…

Vim < 9.2.0435 OS Command Injection via Path Completion
github.com · 2026-05-09

# OS Command Injection via 'path' completion affects Vim < 9.2.0435 ## Vulnerability Overview The `:find` command-line completion feature in Vim contains an OS command injection vulnerability. When th…

CVSS 7.1
CVE-2025-4142 Stripe Webhook Signature Bypass Leads to Infinite Credit Fraud
github.com · 2026-05-09

# Stripe Webhook Signature Bypass Vulnerability Summary ## Vulnerability Overview **Vulnerability Name**: Infinite Quota Fraud via Stripe Webhook Signature Bypass **Severity**: High (7.1/10) **CVE ID*…

Premium intel
CVSS 10.0
Arbitrary Code Execution in Postiz-app GitHub Actions Workflow (CVE-2026-42298)
github.com · 2026-05-09

# Vulnerability Summary ## Overview - **Vulnerability Name**: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev - **Vulnerability Type**: Arbitrary Co…

SSRF Filter Bypass via 0.0.0.0 in QuantumNous/new-api
github.com · 2026-05-09

# SSRF Filter Bypass via 0.0.0.0 ## Vulnerability Overview This vulnerability exists in the `QuantumNous/new-api` project. Although SSRF protections were introduced in v0.9.0 and hardened in v0.9.6, t…

CVSS 4.4
Vim netrw Runtime Shell Injection via sftp/file URLs Fix Analysis
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: Runtime Injection - **Vulnerability Type**: Shell injection via SFTP and file URLs - **Description**: Shell injection occurs at runtime through SFT…

CVSS 7.5
pygeoapi Path Traversal Vulnerability Fix and PoC
github.com · 2026-05-09

# Vulnerability Summary ## Overview This vulnerability affects the `filesystem.py` file in the `pygeoapi` project, specifically related to path handling. Attackers can bypass security checks by const…

Open Redirect in Kargo UI OIDC Login Flow via redirectTo Parameter
github.com · 2026-05-09

# Vulnerability Summary: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter ## Vulnerability Overview - **Vulnerability Type**: Open Redirect - **Affected Component**: OIDC login flow …

CVSS 6.5
Gitroom SSRF Vulnerability Fix: DNS Rebinding Protection via Custom Dispatcher
github.com · 2026-05-09

# Vulnerability Summary ## Vulnerability Overview This commit fixes a **SSRF (Server-Side Request Forgery) vulnerability**. Attackers can exploit this by constructing malicious URLs, causing the serve…

Premium intel
CVSS 8.6
pygeoapi SSRF Vulnerability: allow_internal_requests Configuration Flaw Analysis
github.com · 2026-05-09

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves a feature in the `pygeoapi` project that allows internal HTTP requests. By default, `allow_internal_requests` is set to `F…

CVSS 7.9
Cilium CVE-2024-43320: bugtool exposes WireGuard private keys
github.com · 2026-05-09

# Vulnerability Overview **Title**: Sensitive information included in cilium-bugtool debug archive **Severity**: High (7.9 / 10) **CVE ID**: CVE-2024-43320 **Description**: `cilium-bugtool` is a debug…

CVSS 7.9
Cilium v1.19.3 Security Advisory: BPF Panic, Memory Leak, Policy Fix
github.com · 2026-05-09

### Vulnerability Overview In Cilium v1.19.3, several security-related vulnerabilities and fixes were addressed, primarily involving the following areas: 1. **Performance issues in L7 policy proxy red…

CVSS 7.9
Cilium v1.17 Security Update: Memory Leaks, Panics, and IPAM Bugs Fix
github.com · 2026-05-09

### Vulnerability Overview - **v1.17** Fixed incorrect policy service selector handling (#44950, @fristonio). - **envoy** Fixed the XDS server NPDs listener count issue (Backport PR #45262, Upstream P…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.