
Security Intel Hub 23504+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CWE-681: Incorrect Conversion between Numeric Types Analysis and Mitigation
cvefeed.io · 2026-04-08

# CWE-681: Incorrect Conversion between Numeric Types ## Vulnerability Overview When converting data from one data type to another (e.g., converting to an integer), data may be truncated or converted …

Django Security Advisory: 5 Vulnerabilities (ASGI Spoofing, Privilege Abuse, DoS)
www.djangoproject.com · 2026-04-08

### Vulnerability Overview This security advisory covers five security vulnerabilities affecting different components of Django: 1. **CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflati…

Solidity SCWE-041 Unsafe Downcasting Vulnerability Analysis and Fix
scs.owasp.org · 2026-04-08

# SCWE-041: Unsafe Downcasting ## Vulnerability Overview Occurs when a larger integer type is implicitly or explicitly converted to a smaller integer type. Solidity does not automatically check for ov…

AgentFlows Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-08

# Vulnerability Summary ### Vulnerability Overview This is a fix for a **Path Traversal** vulnerability. In the `server/utils/agentFlows/index.js` file, the original file existence check (`fs.existsSy…

CVE-2026-4631 Cockpit SSH Command Injection RCE Vulnerability Analysis
bugzilla.redhat.com · 2026-04-08

# Vulnerability Summary: CVE-2026-4631 Cockpit SSH Command-Line Argument Injection ## Vulnerability Overview * **CVE ID**: CVE-2026-4631 * **Vulnerability Name**: Cockpit: Unauthenticated remote code …

CVE-2026-4740: Red Hat ACM/OCM Cross-cluster Privilege Escalation via Certificate Validation
bugzilla.redhat.com · 2026-04-08

### Vulnerability Overview * **CVE ID:** CVE-2026-4740 * **Vulnerability Name:** rhacm: Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate ren…

Koha Release Notes: Fixes for Missing Permission Checks and REST API Logic
gitlab.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** This page contains the Release Notes for the Koha project, listing multiple fixed bugs covering the following areas: 1. **Patron Management:** * **…

Koha Library Software OS Command Injection Vulnerability (CVE-2024-36057) with PoC
github.com · 2026-04-08

# CVE-2024-36057: Koha Library Software OS Command Injection ## Vulnerability Overview The Koha Library Software (an open-source integrated library system) contains an OS command injection vulnerabili…

Koha <22.05.22 Authenticated Time-Based Blind SQL Injection (CVE-2024-36058) with PoC
github.com · 2026-04-08

### Vulnerability Overview * **Vulnerability Name:** Koha Library Software < 22.05.22 — Time-Based Blind SQL Injection * **CVE ID:** CVE-2024-36058 * **Vulnerability Type:** Time-Based Blind SQL Injec…

OpenViking Unauthenticated Access Fix: Config Validation for Root API Key
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** In the OpenViking server configuration, if the `root_api_key` (root API key) is not configured, the default listening address is `0.0.0.0`. This al…

Python pkgutil.get_data removes path traversal restrictions, warns of untrusted input risks
github.com · 2026-04-08

### Vulnerability Overview The security model of the `pkgutil.get_data` function has been re-evaluated. Previous versions attempted to prevent path traversal attacks by prohibiting parent directory re…

Python webbrowser Command Injection Fix via Leading Dash Validation
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** The `open()` function in Python's `webbrowser` module contains a security flaw when handling URL parameters. If a provided URL starts with a hyphen…

Python webbrowser Module Command Injection Fix via Dash Prefix Validation
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** A security flaw exists in the `webbrowser` module of the Python standard library. When the `webbrowser.open` function is called with a URL starting…

Python webbrowser module URL parameter injection fix
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** The Python `webbrowser` module contains a security flaw when processing URLs. Specifically, the module fails to effectively prevent URLs starting w…

Python webbrowser module Argument Injection vulnerability fix
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** The `open` function in the Python `webbrowser` module contains an Argument Injection vulnerability. When a passed URL parameter starts with `--`, t…

Python webbrowser module URL command injection fix via dash prefix check
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** The `webbrowser` module in Python contains a security flaw when processing URLs. Attackers can exploit this vulnerability by passing URLs starting …

Mozilla Firefox/Thunderbird Security Advisory: Integer Overflow & Memory Safety Vulnerabilities (CVE-2026-5731 to 5735)
www.mozilla.org · 2026-04-08

# Mozilla Foundation Security Advisory 2026-28 Vulnerability Summary ## Vulnerability Overview This security advisory primarily addresses vulnerabilities fixed in Thunderbird version 149.0.2, as well …

Weaver E-cology10 RCE Vulnerability Analysis (QVD-2026-14149)
ti.qianxin.com · 2026-04-07

# Weaver E-cology10 Remote Code Execution Vulnerability (QVD-2026-14149) Summary ## Vulnerability Overview * **Vulnerability Name:** Weaver E-cology10 Remote Code Execution Vulnerability * **Vulnerabi…

Erlang OTP public_key OCSP Responder Certificate Signature Verification Bypass
github.com · 2026-04-07

### Vulnerability Summary **1. Vulnerability Overview** A validation flaw exists in the `public_key` module of Erlang OTP regarding the processing of OCSP (Online Certificate Status Protocol) response…

Erlang OTP public_key OCSP Responder Certificate Signature Verification Bypass Fix
github.com · 2026-04-07

# Vulnerability Summary: Erlang OTP OCSP Responder Certificate Verification Flaw ## Vulnerability Overview A security flaw exists in the OCSP (Online Certificate Status Protocol) responder certificate…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
