
Security Intel Hub 29132+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

python-statemachine SCXMLLoader RCE via eval (CVE-2026-47103) Fix and POC
github.com · 2026-06-18

### Vulnerability Overview In version 3.2.0 of the `python-statemachine` library, a security vulnerability (CVE-2026-47103) exists. This vulnerability allows arbitrary code execution by loading untrus…

Dell PowerFlex Multiple Vulnerabilities Advisory DSA-2026-066: RCE, Privilege Escalation, and Fix
www.dell.com · 2026-06-18

### Vulnerability Overview - **Vulnerability ID**: DSA-2026-066 - **Vulnerability Type**: Multiple Security Vulnerabilities - **Affected Software**: PowerFlex Software - **Release Date**: June 15, 202…

python-statemachine SCXML Eval Injection Vulnerability and PoC
github.com · 2026-06-18

### Vulnerability Overview **python-statemachine SCXML `` Eval Injection** - **Description**: In `python-statemachine` version 3.1.2, the `eval()` function is used to process the `` attribute when par…

Account Takeover via Improper Account Activation in Registration/SSO Flow
github.com · 2026-06-18

### Vulnerability Overview **Vulnerability Name**: Improper account activation in the registration and SSO flow leading to account takeover **Vulnerability Description**: - This vulnerability allows a…

Plane 1.3.1 Stored XSS in intake description_html (CVE-2026-10850)
fluidattacks.com · 2026-06-18

# Plane 1.3.1 - Stored XSS in intake issue description_html ## Vulnerability Overview Plane CE 1.3.1 allows low-privilege project members to submit arbitrary HTML/JS in the `description_html` field wh…

389 Directory Server Heap Buffer Overflow in acl_parse() (#7542)
github.com · 2026-06-18

### Vulnerability Overview - **Vulnerability Name**: Heap buffer overflows in `__aclp__normalize_acltxt()` - **Vulnerability ID**: #7542 - **Vulnerability Type**: Heap buffer overflow - **Trigger Cond…

CVE-2026-12528: Heap Buffer Overflow in 389 Directory Server ACL Normalization
bugzilla.redhat.com · 2026-06-18

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-12528 - **Vulnerability Type**: Heap buffer overflow - **Affected Function**: `__aclp_normalize_acltxt()` - **Trigger Condition**: Parsing A…

Openhuman Pre-Auth Permission Bypass and Env Var Injection Fix
github.com · 2026-06-18

### Vulnerability Overview This vulnerability addresses the tightening of runtime policies and the enhancement of transport guards (#2636). The primary issue lies in the potential security risks posed…

OpenStack Horizon RC File Unescaped Characters Lead to RCE
launchpad.net · 2026-06-18

### Vulnerability Overview **Vulnerability ID**: OSSN-0097 **Title**: Horizon fails to escape special characters in project names when generating RC files **Description**: In OpenStack Horizon, when a…

CVSS 6.6
WordPress Counter Box <= 2.0.13 PHP Object Injection via Import (CVE-2026-12115)
www.wordfence.com · 2026-06-17

### Vulnerability Overview - **Vulnerability Name**: Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import - **CVE ID**: CVE-2026-12115 - **CVSS Score**: 6.6 (Medium) …

CVSS 8.1
WP Review Slider Pro <= 12.6.8 Authenticated Arbitrary File Deletion (CVE-2026-8442)
www.wordfence.com · 2026-06-17

### Vulnerability Overview - **Vulnerability Name**: WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' Parameter - **CVE ID**: CVE-2026-8442 - **CVSS …

CVSS 7.1
Zephyr Bluetooth HFP Out-of-Bounds Write Vulnerability (CVE-2026-10641)
github.com · 2026-06-17

### Vulnerability Overview **Title**: Out-of-bounds write in Bluetooth Classic HFP HF +CIND response parser during SLC setup **Description**: The Zephyr Bluetooth Classic Hands-Free Profile (HFP HF) i…

CVSS 8.8
rxi tar library checksum validation flaw analysis
raw.githubusercontent.com · 2026-06-17

### Vulnerability Overview The screenshot displays the source code for a software library named "rxi," which contains a potential vulnerability. This vulnerability involves the reading and writing of …

simplcommerce CSRF vulnerability due to commented AntiforgeryFilter
github.com · 2026-06-17

### Vulnerability Overview - **Vulnerability Name**: `CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter` is commented out and never returned - **Vulnerability ID**: #1150 - **Description**: In…

CVSS 7.1
Zephyr OS Bluetooth Classic HFP Buffer Overflow Fix in hfp_hf.c
github.com · 2026-06-17

### Vulnerability Overview A buffer overflow vulnerability exists in the `hfp_hf.c` file of the Bluetooth Classic profile. The vulnerability occurs in the `cind_handle_values` func…

Citrix Cloud IACCESS-1 Bypass Leaking OTP via Email Change (CVE-2025-66391)
github.com · 2026-06-17

### Vulnerability Overview **Vulnerability Title**: Abuse of Read-Only User Workflows in Citrix Cloud Results in OTPs Being Sent to Attacker-Controlled Email Addresses **Severity**: Medium **Discovery…

CVSS 8.8
WordPress Entrepreneur Booking Theme <=3.1.3 PHP Object Injection Vulnerability
patchstack.com · 2026-06-17

### Vulnerability Overview - **Vulnerability Name**: High-priority PHP Object Injection Vulnerability in WordPress Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 - **Vulnerabilit…

CVSS 8.1
WordPress Gamic Theme <= 1.15 Local File Inclusion (LFI) Vulnerability Analysis
patchstack.com · 2026-06-17

### Vulnerability Overview - **Vulnerability Name**: WordPress Gamic Theme <= 1.15 High-Severity Local File Inclusion (LFI) Vulnerability - **Priority**: High Priority - **Vulnerability Type**: Local …

CVSS 8.1
WordPress Theme LuxMed Local File Inclusion (LFI) Vulnerability Advisory
patchstack.com · 2026-06-17

### Vulnerability Overview - **Vulnerability Name**: Local File Inclusion (LFI) - **Priority**: High Priority - **Affected Versions**: <= 1.2.2 - **Official Patch**: No official patch available ### Im…

CVSS 8.1
WordPress Snow Club Theme <= 1.1 High-Severity Local File Include (LFI) Advisory
patchstack.com · 2026-06-17

### Vulnerability Overview - **Vulnerability Name**: High-Severity Local File Inclusion (LFI) in WordPress Snow Club Theme <= 1.1 - **Priority**: High - **CVSS Score**: 8.1 - **Release Date**: May 26,…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
