Security Intel Hub 28770+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Microsoft Defender for Endpoint macOS CVE-2026-45647 Privilege Escalation via TOCTOU
www.bountyy.fi · 2026-06-09

### Vulnerability Overview - **Vulnerability Name**: BlackSun - **CVE ID**: CVE-2026-45647 - **Description**: In Microsoft Defender for Endpoint on macOS, the `wdavdaemon` fails to re-validate the ori…

Meta Smart Glasses Privacy Concerns: Embedded Face Recognition Code 'NameTag'
www.malwarebytes.com · 2026-06-09

### Vulnerability Overview Meta’s smart glasses have once again become the focus of privacy controversy due to built-in facial recognition code named “NameTag.” This code is embedded in the Meta AI co…

Google Chrome V8 Out-of-bounds Read/Write Fix (CVE-2026-11645)
www.malwarebytes.com · 2026-06-09

### Vulnerability Overview Google has released an update for the Chrome browser that fixes multiple high-severity vulnerabilities, including one that is being actively exploited. This vulnerability is…

LLVM BOLT-based Static Analysis for Uninitialized Stack Variable Vulnerabilities
blog.quarkslab.com · 2026-06-08

### Vulnerability Overview This webpage presents an LLVM-based BOLT binary analyzer designed to verify the initialization of stack variables. The analyzer aims to detect reads of uninitialized stack v…

Software Supply Chain Security Best Practices Guide
www.docker.com · 2026-06-08

### Vulnerability Overview This webpage primarily discusses best practices for software supply chain security, particularly tailored for development teams. The article highlights that software supply …

RUSTSEC-2026-0174: http-types violates ASCII invariant in Authorization and WwwAuthenticate headers
rustsec.org · 2026-06-08

# RUSTSEC-2026-0174 ## Vulnerability Overview `Authorization::value` and `WwwAuthenticate::value` can violate ASCII invariants. ## Affected Scope - **Package**: `http-types` - **Type**: Notice - **Key…

Ren'Py Loader Malware Campaign Analysis
www.malwarebytes.com · 2026-06-08

### Vulnerability Overview - **Vulnerability Name**: Ren'Py Loader (Ren'Py) - **Vulnerability Description**: A new Windows malware campaign is hidden within pirated PC games and modified installers, s…

CVSS 4.4
Passeum Ticketing 1.0.1 Security Fix Advisory
plugins.trac.wordpress.org · 2026-06-03

### Vulnerability Overview This vulnerability involves the `trunk/passeum-ticketing.php` file within the `passeum-ticketing` plugin. The vulnerability type is a security fix, specifically addressing a…

CVSS 4.4
WordPress Plugin Passeum Ticketing XSS Vulnerability Analysis
plugins.trac.wordpress.org · 2026-06-03

### Vulnerability Overview The provided screenshot displays the source code of the `passeum-ticketing.php` file for the WordPress plugin "Passeum Ticketing." A potential security vulnerability exists …

CVSS 4.4
WordPress passem-ticketing Plugin Input Validation Flaw Analysis
plugins.trac.wordpress.org · 2026-06-03

### Vulnerability Overview The provided web screenshot displays a code file from a WordPress plugin directory, specifically `passem-ticketing/tags/1.0/inc/settings.php`. The file contains a potential …

CVSS 4.3
ReDoS Vulnerability in Excel/DOCX Search and Fix Analysis
github.com · 2026-06-03

### Vulnerability Overview This vulnerability involves the regular expression patterns used in Excel/DOCX searches, which may lead to Denial of Service (ReDoS) attacks. An attacker can construct speci…

CVSS 6.3
SSRF Vulnerability in MCP read_file URL Fetching #410
github.com · 2026-06-03

### Vulnerability Overview **Vulnerability Name**: Server-Side Request Forgery (SSRF) in `read_file` URL Fetching #410 **Vulnerability Type**: SSRF **Affected Version**: 0.2.37 **Operating System**: U…

CVSS 4.3
CODE-INDEX-MCP ReDoS in search_code_advanced via unvalidated regex pattern
github.com · 2026-06-03

### Vulnerability Overview **Vulnerability Name**: Unvalidated patterns may lead to ReDoS attacks #84 **Vulnerability Type**: ReDoS (Regular Expression Denial of Service) **Vulnerability Description**…

CVSS 6.3
SSRF Vulnerability Patch Guide and PoC Code
github.com · 2026-06-03

### Vulnerability Overview This vulnerability involves a security issue in the URL retrieval process of `read_file`. Specifically, the `readFileFromUrl()` helper function directly uses user-supplied U…

CVSS 4.9
Affil.io Extension Sandbox Arbitrary File Read via simpleHttpClient
github.com · 2026-06-03

### Vulnerability Overview **Vulnerability Name**: Arbitrary File Read and Exfiltration via `simpleHttpClient` Extension Script **Vulnerability Description**: - A fully functional HTTP client, `simpl…

CVSS 8.0
Auth RCE in all.io via Extension Script Sandbox Escape (CVE-2025-35482)
github.com · 2026-06-03

### Vulnerability Overview **Authenticated RCE via Extension Script Sandbox Escape** - **Description**: A sandbox escape vulnerability exists in all.io's extension script engine, allowing authenticate…

CVSS 9.6
LibreChat MCP Server URL Injection Vulnerability: Critical Information Disclosure of JWT_SECRET and CRED_KEY
github.com · 2026-06-03

### Vulnerability Overview **Vulnerability Name**: Server Secrets Exfiltration via MCP Server URL Injection **Description**: A critical information disclosure vulnerability exists in LibreChat's Model…

LibreChat Shared-Agent Global File Deletion Vulnerability (CVE-2026-44854) with POC
github.com · 2026-06-03

### Vulnerability Overview - **Vulnerability Name**: Shared-agent editor can globally delete owner's file records — breaks owner's other private agents - **CVE ID**: CVE-2026-44854 - **Severity**: Mod…

CVSS 8.2
Red Hat RHSA-2026:20613: gnutls Vulnerability Fixes (CVE-2026-33845, CVE-2026-3833, etc.)
access.redhat.com · 2026-06-03

### Vulnerability Overview - **Vulnerability ID**: RHSA-2026:20613 - **Publication Date**: 2026-05-26 - **Update Date**: 2026-05-26 - **Type**: Security Update - **Severity**: Important (Moderate) - *…

CVSS 5.5
blender-mcp Python Code Injection Leading to RCE via exec() Function
github.com · 2026-06-03

### Vulnerability Overview A code injection vulnerability exists in the `blender-mcp` project. The root cause is the use of Python's `exec()` function to execute user-controlled input without any sani…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
