Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 6+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
Clear filters
Low
kimai Team API Missing Object-Level Authorization Vulnerability (CVE-2025-41498)
CVE-2025-41498 · github.com · 2026-05-08
kimai/kimai < 2.54.0
Read more
Medium
Kimai XLSX Formula Injection Vulnerability (CVE-2026-4257) Analysis
CVE-2026-4257 · github.com · 2026-05-08
kimai/kimai >= 2.27.0, <= 2.53.0
Read more
Medium
CVE-2025-44298: Kimai Invoice PDF Renderer Arbitrary File Read
CVE-2025-44298 · github.com · 2026-05-08
kimai/kimai >= 2.32.0, <= 2.55
Read more
Medium
Kimai Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget
github.com · 2026-04-18
Kimai < 2.52.0 · Kimai latest (until report time)
Read more
Medium
CVE-2026-40486: BOPA allows standard users to modify restricted financial attributes
CVE-2026-40486 · github.com · 2026-04-18
kimai <v2.52.0
Read more
Medium
Kimai 2 Authenticated SSTI via Twig Sandbox (CVE-2026-23626)
CVE-2026-23626 · github.com · 2026-01-20
Kimai 2.45.0 and earlier
Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.