Security Intel Hub 4971+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

JizhiCMS v2.5.6 Admin SQL Injection Vulnerability Analysis
github.com · 2026-04-25

# JizhiCMS SQL Injection Vulnerability Summary ## Vulnerability Overview JizhiCMS v2.5.6 contains an SQL injection vulnerability. In the backend management system’s “Extension Management → Fragment Ma…

Vanna AI Unauthorized Access to API Endpoints (CWE-306)
github.com · 2026-04-25

# Vulnerability Summary: Unauthorized Access to Vanna AI API Endpoints ## Vulnerability Overview * **Vulnerability Title**: Unauthorized access to all API endpoints * **Vulnerability ID**: c3b29ce20ce…

vanna-ai 2.0.2 Unauthorized Access and SQL Injection Vulnerability
vuldb.com · 2026-04-25

# Vulnerability Summary ## Overview - **Vulnerability Title**: vanna-ai vanna 2.0.2 Unauthorized access to all API endpoints - **Vulnerability ID**: #795331 - **Vulnerability Type**: Improper Authoriz…

Image token counting SSRF protection can be bypassed via DNS rebinding · Advisory · langchain-ai/langchain · GitHub
github.com · 2026-04-25

# langchain-openai SSRF Vulnerability Summary ## Overview The `_url_to_size()` helper function in langchain-openai contains an SSRF (Server-Side Request Forgery) vulnerability when used to calculate i…

Merge branch 'v2.4.4' of github.com:usmannasir/cyberpanel into v2.4.4 · usmannasir/cyberpanel@0a099b1 · GitHub
github.com · 2026-04-25

### Vulnerability Overview This vulnerability involves the file `websiteFunctions/website.py` in the `usmannasir/cyberpanel` project. The specific issue is a logic error in the `fetchChildDomainsMain`…

Middleware-based route protection bypass · Advisory · clerk/javascript · GitHub
github.com · 2026-04-25

# Middleware Route Protection Bypass Vulnerability (GHSA-vqx2-fgx2-5wq9) ## Vulnerability Overview In `@clerk/nextjs`, `@clerk/nuxt`, and `@clerk/astro`, there is a logic flaw in `createRouteMatcher`.…

SQL Injection via Unparameterized Sync Endpoints (maxLoadedId) · Advisory · saltcorn/saltcorn · GitHub
github.com · 2026-04-25

# SQL Injection Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId) - **Vulnerability Type**: SQL Injection - **Sev…

HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass · Advisory · langchain-ai/langchain · GitHub
github.com · 2026-04-25

# HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass ## Vulnerability Overview The `HTMLHeaderTextSplitter.split_text_from_url()` method validates the initial URL but then uses `requests.…

GetTempFileName function (winbase.h) - Win32 apps | Microsoft Learn
learn.microsoft.com · 2026-04-25

Based on the provided webpage screenshot, the page is **not about a vulnerability**, but rather the official technical documentation for the Windows API function `GetTempFileName`. The following is a …

CyberPanel < 2.4.4 Stored XSS via AI Scanner Dashboard | Advisories | VulnCheck
www.vulncheck.com · 2026-04-25

# CyberPanel < 2.4.4 Stored Cross-Site Scripting (XSS) Vulnerability Summary ## Vulnerability Overview * **Vulnerability Title**: CyberPanel < 2.4.4 Stored XSS via AI Scanner Dashboard * **Vulnerabili…

One click remote code execution in CyberPanel v2.4.3 | itsrez
itsrez.re · 2026-04-25

# CyberPanel v2.4.3 One-Click Remote Code Execution Vulnerability Summary ## Vulnerability Overview This vulnerability stems from CyberPanel's custom security middleware (`secMiddleware.py`) **bypassi…

Issues in tough library and tuftool CLI utility
aws.amazon.com · 2026-04-25

# AWS Security Advisory: Security Issues in tough Library and tuftool CLI Tool **Advisory ID**: 2026-019-AWS **Release Time**: April 24, 2026 12:45 PM PDT **Severity**: Important (requires attention) …

Off-by-One Out-of-Bounds Read in ReadPropertyMultiple Object ID Decoder · Advisory · bacnet-stack/bacnet-stack · GitHub
github.com · 2026-04-25

# BACnet-stack ReadPropertyMultiple Object ID Decoding Out-of-Bounds Read Vulnerability (CVE-2026-41502) ## Vulnerability Overview A classic **off-by-one** vulnerability exists in the `ReadPropertyMul…

Local privilege escalation via unauthenticated IPC · Advisory · deskflow/deskflow · GitHub
github.com · 2026-04-25

# Local privilege escalation via unauthenticated IPC ## Vulnerability Overview The Deskflow daemon runs with SYSTEM privileges and exposes an IPC named pipe with `WorldAccessOption` enabled. The daemo…

Out-of-Bounds Read in ReadPropertyMultiple Property Decoder via Deprecated Tag Parser · Advisory · bacnet-stack/bacnet-s
github.com · 2026-04-25

### Vulnerability Overview **Vulnerability Name**: Out-of-Bounds Read in ReadPropertyMultiple Property Decoder via Deprecated Tag Parser **Vulnerability Description**: - **Type**: Out-of-Bounds Read -…

Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser · Advisory · bacnet-stack/bacnet-stack · G
github.com · 2026-04-25

### Vulnerability Overview **Title**: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser **Description**: - **Vulnerability Type**: Out-of-Bounds Read - **Affected Service**…

Clipboard deserialization global-buffer-overflow · Advisory · deskflow/deskflow · GitHub
github.com · 2026-04-25

### Vulnerability Overview - **Vulnerability Name**: Clipboard deserialization global-buffer-overflow - **Vulnerability Type**: Remote memory safety vulnerability, specifically a global buffer overflo…

Missing Delegated Metadata Validation in awslabs/tough · Advisory · awslabs/tough · GitHub
github.com · 2026-04-25

# Vulnerability Overview **Title**: Missing Delegated Metadata Validation in awslabs/tough **Severity**: Moderate (5.9 / 10) **CVE ID**: CVE-2026-6967 **CVSS v3 Base Metrics**: - Attack Vector: Networ…

Improper validation of NBNS name_len in arduino-esp32 NetBIOS leads to memory corruption · Advisory · espressif/arduino-
github.com · 2026-04-25

### Vulnerability Overview **Title**: Improper validation of NBNS name_len in arduino-esp32 NetBIOS leads to memory corruption **Description**: - **Vulnerability Type**: Remotely reachable memory corr…

Observable Timing Discrepancy in HMAC Verification (CWE-208) · Advisory · notamitgamer/mojic · GitHub
github.com · 2026-04-25

# Observable Timing Discrepancy in HMAC Verification (CWE-208) ## Vulnerability Overview In version `mojic` v2.1.3, the `CipherEngine` uses the standard equality operator (`===`) to verify the HMAC-SH…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
