Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 9+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
Clear filters
Critical
LobeHub Auth Bypass via XOR-obfuscated Header (GHSA-5m9j-5jsw-5c97) and Fix
GHSA-5m9j-5jsw-5c97 · github.com · 2026-04-09
lobehub
Read more
Critical
LobeChat webapi Authentication Bypass via XOR-obfuscated Header Forgery
github.com · 2026-04-09
lobehub <= 2.1.47
Read more
Low
CVE-2026-23522: IDOR in Knowledge Base File Removal
GHSA-j7xp-4mg9-x28r · github.com · 2026-01-20
lobe-chat <= v2.0.0-next.192
Read more
CVSS 3.0
SSRF in tRPC endpoint allows internal resource access via unvalidated URLs
github.com · 2025-10-18

### Critical Vulnerability Information #### Vulnerability Overview - **Type**: SSRF (Server-Side Request Forgery) - **Affected Versions**: 1.136.1 - **Fixed Version**: 1.136.2 - **Severity**: Low (CVS…

Read more
CVSS 4.3
lobe-chat CVE-2025-5946 Open Redirect via OIDC X-Forwarded-Host
github.com · 2025-09-26

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Open Redirect - **Project**: lobe-chat - **CVE ID**: CVE-2025-5946 - **CVSS v3 Base Metrics**: - Severity: Medium (4.3/10) - A…

Read more
LobeChat <v1.129.4 XSS Escalation to RCE via SVG Rendering (CVE-2022-N017)
github.com · 2025-09-20

### Critical Vulnerability Information #### Vulnerability Type - **Remote Code Execution via XSS in Chat Messages** #### Affected Versions - **Affected versions**: `, it renders using the `lobeArtifac…

Read more
CVSS 9.0
LobeChat SSRF Bypass via Redirect (CVE-2024-32964)
github.com · 2024-09-24

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability ID**: CVE-2024-32964 2. **Vulnerability Name**: Insufficient fix for GHSA-mxhq-xw3g-rphc 3…

Read more
Premium intel
CVSS 9.0
lobe-chat /api/proxy SSRF Vulnerability (Critical)
github.com · 2024-09-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Title**: 【Critical】/api/proxy endpoint SSRF vulnerability in …

Read more
CVSS 9.0
SSRF Vulnerability Fix Patch Analysis
github.com · 2024-09-24

From this webpage screenshot, we can extract the following key information about the vulnerability: 1. **Code Changes**: - A list of 6 modified files is shown, including `package.json`, `src/app/api/p…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.