Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 8+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
Clear filters
High
CVE-2026-25153: Arbitrary Code Execution in Backstage TechDocs via MkDocs Hooks
CVE-2026-25153 · github.com · 2026-01-31
Backstage 1.14.0 · Backstage < 1.13.10
Read more
Medium
Backstage TechDocs Path Traversal Vulnerability (CVE-2026-25152)
CVE-2026-25152 · github.com · 2026-01-31
@backstage/plugin-techdocs-node 1.14.0 · @backstage/plugin-techdocs-node < 1.13.10
Read more
High
FetchUrlReader Redirect Injection & SSRF Mitigation via Allow List
github.com · 2026-01-27

### Key Vulnerability Information #### 1. **Redirect Validation** - **Description**: - The code changes ensure that redirects are validated against the reading configuration. This is essential to prev…

Read more
High
Backstage Path Traversal Fix: Improved Symlink Handling Logic
github.com · 2026-01-27
@backstage/backend-plugin-api · @backstage/cli-common
Read more
Medium
Backstage resolveSafeChildPath Symlink Bypass Path Traversal (CVE-2026-24047)
CVE-2026-24047 · github.com · 2026-01-27
@backstage/backend-plugin-api <=0.1.16
Read more
High
Backstage SSRF Vulnerability (CVE-2026-24048) in @backstage/backend-defaults
CVE-2026-24048 · github.com · 2026-01-27
@backstage/backend-defaults < 0.12.2 · @backstage/backend-defaults >= 0.13.0 < 0.13.2 …
Read more
High
Backstage Scaffolder Symlink Path Traversal Vulnerability (CVE-2026-24046)
CVE-2026-24046 · github.com · 2026-01-27
@backstage/backend-defaults < 0.12.2, >= 0.13.0, < 0.13.2, >= 0.14.0, < 0.14.1 · @backstage/plugin-scaffolder-backend < 2.2.2, >= 3.0.0, < 3.0.2, >= 3.1.0, < 3.1.1 …
Read more
CVSS 5.4
Backstage Scaffolder SSRF/SSTI Vulnerability Analysis (CVE-2024-53983)
github.com · 2024-12-01

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Server-side request forgery in Backstage Scaffolder plugin 2. **Vulnerab…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.