Security Intel Hub 13+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

High
rack-multipart CRLF Injection in Folded Multipart Headers
github.com · 2026-04-03
rack >= 3.2, < 3.2.6
Medium
Rack Multipart Boundary Parsing Differential WAF Bypass
github.com · 2026-04-03
Rack >= 3.0, < 3.2.1 · Rack >= 3.0, < 3.2.4
High
Rack Forwarded Header Parsing Flaw Enables Host/Scheme Spoofing
github.com · 2026-04-03
Rack >= 3.0 < 3.21 · Rack >= 2.2 < 2.28
High
Rack CVE-2024-28121 DoS via excessive overlapping byte ranges
CVE-2024-28121 · github.com · 2026-04-03
rack < 2.2.2 · rack >= 1.6, < 1.21 …
High
Rack CVE-2023-3170 Static File Path Traversal Information Disclosure
CVE-2023-3170 · github.com · 2026-04-03
Rack < 2.2.23 · Rack >= 3.0, < 3.1.21 …
High
Rack Host Header Validation Bypass via Invalid Characters
github.com · 2026-04-03
rack >= 2.1.2, < 3.2.12.6
High
Rack::Sendfile X-Accel-Mapping Regex Injection Vulnerability Analysis
GHSA-332f-2f92-673f · github.com · 2026-04-03
Rack < 2.2.9 · Rack >= 3.0.0, < 3.2.1 …
High
Rack Directory Traversal Vulnerability (CVE-2026-22860) Advisory
CVE-2026-22860 · github.com · 2026-02-21
Rack < 2.2.22 · Rack >= 3.0, < 3.1.20 …
CVSS 7.5
Rack CVE-2025-61919 Unbounded Read Memory Exhaustion DoS
github.com · 2025-10-11

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion. - **CVE ID**: CVE-2025-61919 - **GHSA ID**: GHSA…

CVSS 7.5
Rack CVE-2025-59830: Rack::QueryParser params_limit bypass via semicolon causing DoS
github.com · 2025-09-26

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Unsafe default in `Rack::QueryParser` allows params_limit bypass via semicolon-separated parameters. - **CVE ID**: CVE-2025-59…

Rack CVE-2025-4907 ReDoS Vulnerability Fix in Multipart Parser
github.com · 2025-06-06

### Key Information - **Vulnerability Type**: ReDoS (Regular Expression Denial of Service) - **CVE ID**: CVE-2025-4907 - **Fix Commit**: aed514d - **Affected Files**: - `lib/rack/multipart/parser.rb` …

CVSS 4.2
Rack::Session::Pool Session Restoration Race Condition (CVE-2025-46336)
github.com · 2025-05-11

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: `Rack::Session::Pool` sessions can be restored after deletion - **Severity**: Medium (4.2/10) - **CVE ID**: CVE-2025-463…

CVSS 7.5
Rack CVE-2025-46727: Unbounded Parameter Parsing in Rack::QueryParser Causes Memory Exhaustion
github.com · 2025-05-09

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion - **Severity**: High (7.5/10) - **CVE I…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
