Security Intel Hub 20+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Medium
pyLoad Session Management Fix for GHSA-60hx-chf7-3332
GHSA-60hx-chf7-3332 · github.com · 2026-04-22
PyLoad
High
CVE-2026-4133: pyload-ng Stale Session Privilege Bypass Analysis
CVE-2026-4133 · github.com · 2026-04-22
pyload-ng <= 0.5.0b3
High
CVE-2026-35483: OS Command Injection in pyload-ng via Antivirus Plugin
CVE-2026-35483 · github.com · 2026-04-08
pyload-ng <= latest
Critical
PyLoad-ng SSL Certificate Config Privilege Escalation
GHSA-xx3g-5p4p-4v69 · github.com · 2026-04-08
pyload-ng <= 0.4.x
High
pyload-ng UnTar_safe_extractall Path Traversal via os.path.commonprefix Bypass
GHSA-7q4m-8hv2-4qh3 · github.com · 2026-04-08
PyLoad < latest_fix
High
CVE-2026-33509: Non-admin RCE in pyload-ng via insecure storage_folder config
CVE-2026-33509 · github.com · 2026-04-08
pyload-ng <= 0.5.0b3
High
pyload-ng CVE-2026-35187 SSRF Vulnerability and POC
CVE-2026-35187 · github.com · 2026-04-07
pyload-ng <= 0.5.0
High
SSRF Vulnerability Fix in Payload Framework: Code Analysis and Mitigation
GHSA-7gvf-3w72-p2pg · github.com · 2026-04-07
pyload/pyload
High
pyload-ng CVE-2026-33992 SSRF Bypass via HTTP Redirect and POC
CVE-2026-33992 · github.com · 2026-04-07
pyload-ng <= 0.5.0b3
CVSS 8.1
pyLoad CVE-2025-61773 Unauth XSS/Code Injection via CNL/Captcha
github.com · 2025-10-10

### Key Information Summary #### Vulnerability Overview - **Vulnerability Name**: pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters - **CVE ID**: CVE-2025-61773 - **CVSS …

PyLoad CVE-2025-57751 DoS via Unvalidated _jk Parameter
github.com · 2025-08-23

### Critical Vulnerability Information #### Vulnerability Overview - **Type**: Denial of Service (DoS) - **Affected Versions**: <0.5.0b3.dev92 - **CVE ID**: CVE-2025-57751 - **Severity**: High #### Vu…

PyLoad CVE-2025-55156 SQL Injection Vulnerability Advisory
github.com · 2025-08-13

### Key Information #### Vulnerability Overview - **Vulnerability Type**: SQL Injection - **Affected Parameter**: `add_links` in API `/json/add_package` - **Affected Versions**: < 0.5.0b3.dev91 - **Fi…

CVSS 9.8
Pyload CVE-2025-54802 Path Traversal Leading to RCE
github.com · 2025-08-07

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Path Traversal and Remote Code Execution (RCE) - **Affected Version**: 0.5.0b3.dev89 - **Fixed Version**: 0.5.0b3.dev90 - **CV…

CVSS 9.8
PyLoad WebUI Path Traversal Vulnerability Fix Analysis
github.com · 2025-08-07

### Key Information - **Vulnerability Type**: Path Traversal Vulnerability - **Fix Commit**: `70a44fe` - **Fix Description**: Fixed the issue of using uncontrolled data in path expressions (#4596) - *…

CVSS 7.5
pyLoad CVE-2025-54140 Path Traversal Leading to RCE
github.com · 2025-07-26

### Critical Vulnerability Information #### Vulnerability Overview - **Vulnerability Type**: Path Traversal - **Affected Versions**: 0.5.0b3.dev89 - **Fixed Version**: 0.5.0b3.dev90 - **CVE ID**: CVE-…

CVSS 9.8
pyLoad CVE-2025-53890 RCE via Unsafe JS Eval in CAPTCHA Handler
github.com · 2025-07-15

### Critical Vulnerability Information #### Vulnerability Overview - **Type**: Remote Code Execution (RCE) via js2py in `onCaptchaResult` function - **Severity**: Critical (9.8/10) - **CVE ID**: CVE-2…

CVSS 9.1
pyload GHSA-w7hq-f2pj-c53g Remote Code Execution via Flashgot API
github.com · 2024-10-28

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Remote code execution by download to /p…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
