Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Unisys WebPerfect Image Suite .NET Remoting RCE via Custom Channel Sink (CVE-2026-39906)
gist.github.com · 2026-04-24

# Unisys WebPerfect Image Suite Vulnerability Summary ## Vulnerability 1: .NET Remoting Remote Code Execution - **CVE ID**: CVE-2026-39906 - **Disclosure Date**: April 23, 2026 - **Affected Versions**…

Jzhicms v2.5.4 Admin SQL Injection via Body Parameter
github.com · 2026-04-24

# Jzhicms v2.5.4 SQL Injection Vulnerability Summary ## Vulnerability Overview Jzhicms v2.5.4 has a SQL injection vulnerability in the backend product editing module. An attacker can modify the image …

DOMPurify Prototype Pollution and Config Leak Vulnerability Fix Analysis
github.com · 2026-04-24

# DOMPurify Security Fix Summary ## Vulnerability Overview The DOMPurify library has multiple security vulnerabilities, mainly involving: - **Tag/Attribute Injection**: Attackers may bypass filtering …

DOMPurify 3.4.0 Security Advisory: Fixes Prototype Pollution, mXSS, and Filter Bypass
github.com · 2026-04-24

# DOMPurify 3.4.0 Vulnerability Summary ## Vulnerability Overview DOMPurify version 3.4.0 fixes multiple security vulnerabilities, including prototype pollution, filter bypass, URI validation skipping…

DOMPurify Prototype Pollution Leading to XSS Bypass
github.com · 2026-04-24

# DOMPurify Prototype Pollution Leads to XSS Bypass Vulnerability Summary ## Vulnerability Overview DOMPurify versions 3.0.1 to 3.3.3 contain a prototype pollution vulnerability. When using the defaul…

DOMPurify CVE-2025-41240 FORBID_TAGS Bypass via ADD_TAGS Predicate
github.com · 2026-04-24

# DOMPurify Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix) - **Description**: In D…

Dompurify Template Injection XSS via SAFE_FOR_TEMPLATES and RETURN_DOM Mode Bypass
github.com · 2026-04-24

# Dompurify `SAFE_FOR_TEMPLATES` Bypass in `RETURN_DOM` Mode ## Vulnerability Overview When Dompurify is used in `SAFE_FOR_TEMPLATES` mode with `RETURN_DOM` mode enabled simultaneously, template expre…

Pipecast LivekitFrameSerializer Pickle Deserialization RCE (GHSA-c3jg-5cp7-6wc7)
github.com · 2026-04-24

# Vulnerability Summary: Pipecast Remote Code Execution Vulnerability ## Overview * **Vulnerability Name**: Remote Code Execution (RCE) caused by Pickle deserialization via `LivekitFrameSerializer` * …

Hackage Server Stored XSS Vulnerability (HSEC-2026-0004)
osv.dev · 2026-04-24

# HSEC-2026-0004 Vulnerability Summary ## Vulnerability Overview **Stored XSS vulnerability in Hackage package metadata** A stored cross-site scripting (XSS) vulnerability exists in Hackage package me…

Hackage Stored XSS Vulnerability (HSEC-2024-0004) and Mitigation
osv.dev · 2026-04-24

# HSEC-2024-0004 Vulnerability Summary ## Vulnerability Overview **Stored XSS Vulnerability in Hackage Package and Documentation Uploads** * **Vulnerability Type:** Stored Cross-Site Scripting (Stored…

Hackage Server CSRF Vulnerability Fix (HSEC-2026-0002)
osv.dev · 2026-04-24

# HSEC-2026-0002 Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Hackage CSRF Vulnerability - **Description**: The Hackage server lacks Cross-Site Request Forgery (CSRF) prot…

Apache ActiveMQ OpenWire Deserialization RCE Vulnerability and POC
ntfy.com · 2026-04-24

# Vulnerability Summary ## Overview This vulnerability involves a deserialization flaw in the **OpenWire protocol** of **Apache ActiveMQ**. An attacker can craft malicious packets and exploit the dese…

CVE-2025-70994: Yadea T5 E-bike EV1527 Fixed-Code Replay Attack Vulnerability
github.com · 2026-04-24

# CVE-2025-70994: Yadea T5 Electric Bicycle Weak Authentication Vulnerability Summary ## Vulnerability Overview * **CVE ID**: CVE-2025-70994 * **Vulnerability Type**: Weak Authentication (CWE-1390) * …

CODESYS EtherNet/IP Improper Timeout Handling DoS (CVE-2026-35225)
codesys.csaf-tp.certvde.com · 2026-04-24

### Vulnerability Overview - **Vulnerability Name**: Improper timeout handling in CODESYS EtherNet/IP - **CVE ID**: CVE-2026-35225 - **CVSS Score**: 7.5 (HIGH) - **Description**: CODESYS EtherNet/IP i…

SocialEngine <= 7.8.0 SQL Injection in get-memberall (CVE-2026-41460)
karmainsecurity.com · 2026-04-24

### Vulnerability Overview - **Vulnerability Name**: SocialEngine <= 7.8.0 (get-memberall) SQL Injection Vulnerability - **Vulnerability Description**: User input passed via the `text` request paramet…

SocialEngine <=7.8.0 Unauthenticated SQL Injection via /activity/index/get-memberall
www.vulncheck.com · 2026-04-24

# Vulnerability Summary: SocialEngine SQL Injection Vulnerability ## Overview * **Vulnerability Title**: SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall * **Vulnerability Type**: …

WordPress Plugin Vulnerability Advisory: XSS, File Upload, Auth Bypass
patchstack.com · 2026-04-24

### Vulnerability Overview Patchstack is a leading open-source vulnerability database focused on security issues in WordPress websites. This page displays multiple known vulnerabilities in WordPress p…

OpenSC libopensc Uninitialized Memory Vulnerabilities (6 instances) and Fix
github.com · 2026-04-23

# Vulnerability Summary: Use of Uninitialized Variables in libopensc ## Overview During testing of OpenSC, 6 uninitialized memory errors (UUM) were discovered. These vulnerabilities were found while u…

CVE-2025-13763: libopencsc Uninitialized Memory Use Vulnerability
github.com · 2026-04-23

# CVE-2025-13763: Uninitialized Memory Usage Vulnerability in libopencsc ## Vulnerability Overview This vulnerability exists in the `libopencsc` library, causing multiple functions to use uninitialize…

WebKit GTK WebPage::send-request Signal Bypass Leading to Connection Leakage (CVE-2025-66286)
bugs.webkit.org · 2026-04-23

# WebKit Bugzilla Vulnerability Summary ## Vulnerability Overview - **CVE ID**: CVE-2025-66286 - **Title**: [WPE][GTK] Certain connections to remote sites cannot be intercepted using WebPage::send-req…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.