Security Intel Hub 27403+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 4.4
Passeum Ticketing 1.0.1 Security Fix Advisory
plugins.trac.wordpress.org · 2026-06-03

### Vulnerability Overview This vulnerability involves the `trunk/passeum-ticketing.php` file within the `passeum-ticketing` plugin. The vulnerability type is a security fix, specifically addressing a…

CVSS 4.4
WordPress Plugin Passeum Ticketing XSS Vulnerability Analysis
plugins.trac.wordpress.org · 2026-06-03

### Vulnerability Overview The provided screenshot displays the source code of the `passeum-ticketing.php` file for the WordPress plugin "Passeum Ticketing." A potential security vulnerability exists …

CVSS 4.4
WordPress passem-ticketing Plugin Input Validation Flaw Analysis
plugins.trac.wordpress.org · 2026-06-03

### Vulnerability Overview The provided web screenshot displays a code file from a WordPress plugin directory, specifically `passem-ticketing/tags/1.0/inc/settings.php`. The file contains a potential …

CVSS 4.3
ReDoS Vulnerability in Excel/DOCX Search and Fix Analysis
github.com · 2026-06-03

### Vulnerability Overview This vulnerability involves the regular expression patterns used in Excel/DOCX searches, which may lead to Denial of Service (ReDoS) attacks. An attacker can construct speci…

CVSS 6.3
SSRF Vulnerability in MCP read_file URL Fetching #410
github.com · 2026-06-03

### Vulnerability Overview **Vulnerability Name**: Server-Side Request Forgery (SSRF) in `read_file` URL Fetching #410 **Vulnerability Type**: SSRF **Affected Version**: 0.2.37 **Operating System**: U…

CVSS 4.3
CODE-INDEX-MCP ReDoS in search_code_advanced via unvalidated regex pattern
github.com · 2026-06-03

### Vulnerability Overview **Vulnerability Name**: Unvalidated patterns may lead to ReDoS attacks #84 **Vulnerability Type**: ReDoS (Regular Expression Denial of Service) **Vulnerability Description**…

CVSS 6.3
SSRF Vulnerability Patch Guide and PoC Code
github.com · 2026-06-03

### Vulnerability Overview This vulnerability involves a security issue in the URL retrieval process of `read_file`. Specifically, the `readFileFromUrl()` helper function directly uses user-supplied U…

CVSS 4.9
Affil.io Extension Sandbox Arbitrary File Read via simpleHttpClient
github.com · 2026-06-03

### Vulnerability Overview **Vulnerability Name**: Arbitrary File Read and Exfiltration via `simpleHttpClient` Extension Script **Vulnerability Description**: - A fully functional HTTP client, `simpl…

CVSS 8.0
Auth RCE in all.io via Extension Script Sandbox Escape (CVE-2025-35482)
github.com · 2026-06-03

### Vulnerability Overview **Authenticated RCE via Extension Script Sandbox Escape** - **Description**: A sandbox escape vulnerability exists in all.io's extension script engine, allowing authenticate…

CVSS 9.6
LibreChat MCP Server URL Injection Vulnerability: Critical Information Disclosure of JWT_SECRET and CRED_KEY
github.com · 2026-06-03

### Vulnerability Overview **Vulnerability Name**: Server Secrets Exfiltration via MCP Server URL Injection **Description**: A critical information disclosure vulnerability exists in LibreChat's Model…

LibreChat Shared-Agent Global File Deletion Vulnerability (CVE-2026-44854) with POC
github.com · 2026-06-03

### Vulnerability Overview - **Vulnerability Name**: Shared-agent editor can globally delete owner's file records — breaks owner's other private agents - **CVE ID**: CVE-2026-44854 - **Severity**: Mod…

CVSS 8.2
Red Hat RHSA-2026:20613: gnutls Vulnerability Fixes (CVE-2026-33845, CVE-2026-3833, etc.)
access.redhat.com · 2026-06-03

### Vulnerability Overview - **Vulnerability ID**: RHSA-2026:20613 - **Publication Date**: 2026-05-26 - **Update Date**: 2026-05-26 - **Type**: Security Update - **Severity**: Important (Moderate) - *…

CVSS 5.5
blender-mcp Python Code Injection Leading to RCE via exec() Function
github.com · 2026-06-03

### Vulnerability Overview A code injection vulnerability exists in the `blender-mcp` project. The root cause is the use of Python's `exec()` function to execute user-controlled input without any sani…

CVSS 9.8
Java Xalan TemplatesImpl Deserialization Vulnerability Analysis and PoC
www.wordfence.com · 2026-06-03

# Vulnerability Overview This vulnerability exists in the `com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl` class, specifically within the `defineTransletClasses` method. Attackers can expl…

CVSS 5.9
IBM Operations Analytics Log Analysis Authentication Weakness Advisory
www.ibm.com · 2026-06-03

# IBM Operations Analytics - Log Analysis Vulnerability Summary ## Vulnerability Overview IBM Operations Analytics - Log Analysis contains a weakness in its backend authentication and session manageme…

CVSS 4.4
IBM WebSphere Liberty Security Bypass Vulnerability (CVE-2026-5516) Advisory
www.ibm.com · 2026-06-03

### Vulnerability Overview - **Vulnerability Name**: IBM WebSphere Application Server Liberty Security Bypass Vulnerability - **CVE ID**: CVE-2026-5516 - **Description**: IBM WebSphere Application Ser…

CVSS 5.9
PrestaShop Password Hashing Fix: MD5 to bcrypt Upgrade Patch Analysis
github.com · 2026-06-03

### Vulnerability Overview This vulnerability involves the upgrade of the password hashing algorithm from MD5 to bcrypt. MD5 is a weak hashing algorithm susceptible to collision attacks and rainbow ta…

CVE-2026-42504: Go mime.WordDecoder.DecodeHeader Quadratic Complexity DoS
go.dev · 2026-06-03

### Vulnerability Overview - **Vulnerability Name**: mime: quadratic complexity in WordDecoder.DecodeHeader - **Vulnerability ID**: #79217 - **Vulnerability Type**: Security Vulnerability - **Vulnerab…

Go Security Update: Fixes for CVE-2024-42504, CVE-2024-42507, CVE-2025-27145 (DoS/Info Disclosure)
groups.google.com · 2026-06-03

### Vulnerability Overview Three security fixes have been released in Go 1.26.4 and Go 1.25.11, addressing the following vulnerabilities: 1. **mime: Quadratic complexity in WordDecoder.DecodeHeader** …

Go net/textproto Unescaped Error Message Injection Vulnerability
go.dev · 2026-06-03

### Vulnerability Overview In the `net/textproto` package, when returning an error, the function includes the input as part of the error message without escaping it. This can allow an attacker to inje…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
