Security Intel Hub 10+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Low
OpenBao OCI Plugin Unbounded Decompression DoS (CVE-2025-99396)
CVE-2025-99396 · github.com · 2026-04-21
OpenBao <2.5.2
CVSS 7.5
HashiCorp Vault CVE-2025-59043 Unauthenticated DoS via Malicious JSON
github.com · 2025-10-18

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: Potential Denial of Service when processing malicious unauthenticated JSON requests - **Severity**: High (7.5/10) - **CV…

CVSS 5.7
OpenBao Login MFA Rate Limiting Bypass and TOTP Token Reuse (CVE-2025-55003)
github.com · 2025-08-11

### Key Information #### Vulnerability Overview - **Vulnerability Name**: OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse - **CVE ID**: CVE-2025-55003 - **Severity**: Medium (CVSS v3 Ba…

CVSS 5.7
HashiCorp Vault MFA TOFU Bypass Vulnerability Fix
github.com · 2025-08-11

### Key Information - **Vulnerability Type**: MFA (Multi-Factor Authentication) TOFU (Trust on First Use) vulnerability. - **Fix Commit**: Commit `8340a69`, submitted by `cypheawave` and `estecase`, 5…

CVSS 9.1
OpenBao Privileged Operator Code Execution via Audit API (CVE-2025-54997)
github.com · 2025-08-10

### Critical Vulnerability Information #### Vulnerability Title - **Privileged OpenBao Operator May Execute Code on the Underlying Host** #### Severity - **Critical** - CVSS v3 base metrics: 9.1 / 10 …

CVSS 7.2
OpenBao Operator Token Privilege Escalation Vulnerability (CVE-2025-54996)
github.com · 2025-08-10

### Critical Vulnerability Information #### Vulnerability Title - **OpenBao Operator May Elevate Token Privileges** #### Severity - **Level**: High - **CVSS v3 Base Score**: 7.2/10 #### Affected Scope…

CVSS 9.1
HashiCorp Vault Security Update: Fixes for Audit, Auth, and MFA CVEs
github.com · 2025-08-10

### Critical Vulnerability Information #### Security Updates (SECURITY) - **Audit Subsystem**: - New device creation via API is no longer allowed unless `unsafe_allow_api_audit_creation` is set. Suppo…

CVSS 5.3
OpenBao CVE-2025-54998: Userpass and LDAP User Lockout Bypass Vulnerability
github.com · 2025-08-10

### Key Information #### Vulnerability Overview - **Title**: OpenBao Userpass and LDAP User Lockout Bypass - **Severity**: Medium (5.3/10) - **CVE ID**: CVE-2025-54998 #### Impact - **Description**: A…

CVSS 4.5
OpenBao/Vault Sensitive Information Leak in Logs (CVE-2025-52893)
github.com · 2025-07-06

### Key Information #### Vulnerability Title - **May Leak Sensitive Information in Logs When Processing Malformed Data** #### Severity - **Moderate** - CVSS v3 Base Score: 4.5 / 10 #### Affected Scope…

CVSS 4.5
HashiCorp Vault kv-v2 Plugin Information Disclosure via Malformed Data (CVE-2025-52893)
github.com · 2025-07-06

From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Vulnerability Description**: SDK/framework vulnerability, preventing the leakage of additional …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
