
Security Intel Hub

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Critical
ci4ms Post-Installation Re-entry via Cache-Dependent Install Guard Bypass
github.com · 2026-04-09
ci4-cms-erp/ci4ms <= 0.31.3.0
Medium
Stored XSS in ci4ms ci4-cms-erp <= 0.31.3.0 with PoC
github.com · 2026-04-09
ci4-cms-erp/ci4ms <= 0.31.3.0
Critical
ci4ms Fileeditor Auth Bypass and RCE via Unvalidated Path Access
github.com · 2026-04-09
ci4-cms-erp/ci4ms <= 0.31.3.0
Medium
Stored XSS via srcdoc bypass in ci4ms Google Maps iframe
github.com · 2026-04-09
ci4-cms-erp/ci4ms <= 0.31.3.0
High
Persistent Unauthorized Access via Improper Session Invalidation on Account Deletion
github.com · 2026-04-02

# Vulnerability Summary: Persistent Unauthorized Access for All Roles Caused by Improper Session Invalidation in the Account Deletion Module (Logic Flaw)

### Vulnerability Overview

* **Vulnerability type:** Logic flaw / Improper session invalidation
* **Severity:** High
* **Description:** This is a high-severity logic flaw. After a user performs an account deletion, the system does not correctly invalidate the current session token (Session Toke…

High
WordPress Blogs Posts Plugin Stored XSS Vulnerability and Remediation
github.com · 2026-04-02
ci4-cms-erp/ci4ms Blogs Posts (Categories)
Critical
Stored DOM XSS and All-Roles Account Takeover in Social Media Management Module
github.com · 2026-04-02
Social Media Management (ci4ms)
High
CVE-2024-38446: Stored XSS in WordPress Blog Category Filtering
CVE-2024-38446 · github.com · 2026-04-02
ci4ms < 0.28.6.0
High
Logic Flaw: Full Unauthorized Access via Improper Session Invalidation on Account Deactivation
github.com · 2026-04-02

### Vulnerability Overview

This is a logic flaw in the account deactivation module, caused by a failure of the session validation mechanism. When a user account is deactivated, the system does not correctly revoke session access or invalidate the session token, so already-authenticated users (including administrators, content creators and others) can keep accessing the system with their original session token after the account has been deactivated, resulting in persistent unauthorized access across all roles.

### Scope of Impact

* **Affected functionality:** Account deactivation logic and the authentication mechanism.
* **Affected parties:** All authenticated users, including administrators, content creators and other stakeholders…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.