Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2025-13763: libopenc Uninitialized Variable Vulnerability
bugzilla.redhat.com · 2026-04-23

# Vulnerability Summary: CVE-2025-13763 ## Overview - **CVE ID**: CVE-2025-13763 - **Component**: libopenc - **Type**: Uninitialized Variable (Multiple uses of uninitialized variable) - **Severity**: …

WordPress ACF Galerie 4 Plugin Broken Access Control Vulnerability Advisory
patchstack.com · 2026-04-23

### Vulnerability Overview - **Vulnerability Name**: WordPress ACF Galerie 4 Plugin <= 1.4.2 Has Broken Access Control Vulnerability - **Vulnerability Type**: Broken Access Control - **CVSS Score**: 4…

H2O-3 PostgreSQL JDBC Driver RCE via ImportSQLTable (CVE-2026-3960)
huntr.com · 2026-04-23

# H2O-3 PostgreSQL Driver RCE (CVE-2026-3960) ## Vulnerability Overview - **CVE ID**: CVE-2026-3960 - **Severity**: High (CVSS 9.4) - **Affected Versions**: H2O-3 3.46.0.9 and earlier - **Vulnerabilit…

Zurich Instruments LabOne Path Traversal Vulnerability Advisory (ZI-SA-2026-001)
www.zhinst.com · 2026-04-23

# Vulnerability Summary: ZI-SA-2026-001 ## Vulnerability Overview * **Vulnerability Name**: Path Traversal Vulnerability in LabOne User Interface * **Vulnerability ID**: ZI-SA-2026-001 * **CVSS Score*…

Borg SPM 2007 Security Advisory: RCE, Auth Bypass, SQLi (CVE-2026-6885/6886/6887)
www.twcert.org.tw · 2026-04-23

# Vulnerability Summary: Borg SPM 2007 Security Vulnerabilities ## Overview The SPM 2007 software from Borg Technology Corporation contains three critical security vulnerabilities that allow unauthori…

H2O.ai JDBC Connection String Parameter Injection Vulnerability Fix and POC
github.com · 2026-04-23

### Vulnerability Overview This vulnerability involves allowing certain parameters in JDBC connection strings, which may be maliciously exploited, leading to potential security risks. Specifically inc…

OpenSSL PRNG and Key Generation Vulnerabilities in DSA/DH/EC/RSA
github.com · 2026-04-23

### Vulnerability Overview This vulnerability involves multiple security issues in the OpenSSL library, primarily affecting the following components: - **PRNG (Pseudo-Random Number Generator)** - **DS…

Controllo DLL Hijacking Vulnerability (CVE-2025-10549) with POC
r.sec-consult.com · 2026-04-23

# Vulnerability Summary: Controllo DLL Hijacking Vulnerability (CVE-2025-10549) ## Overview The Controllo installation directory has weak folder permissions, allowing local attackers to perform DLL hi…

Libgcrypt ECDH Buffer Overwrite Vulnerability Fix
dev.gnupg.org · 2026-04-23

### Vulnerability Overview **Vulnerability Name**: Libgcrypt ECDH buffer overwrite with zeroes **Description**: In the Libgcrypt library, the `gcry_mpi_ec_mont_decodepoint` function has a buffer overf…

WP reCaptcha < 2.0 Admin+ Stored XSS Vulnerability
wpscan.com · 2026-04-23

### Vulnerability Overview - **Vulnerability Name**: WP reCaptcha by WebDesignBy reCaptcha 4. Enter the following payload in the Site Key field: 5. Save settings ``` ### Classification Information - *…

uuid library index out-of-bounds missing RangeError fix
github.com · 2026-04-23

### Vulnerability Overview This vulnerability involves the version generation functions `v1`, `v3`, `v4`, `v5`, `v6`, and `v7` in the `uuid` library. These functions fail to properly throw a `RangeErr…

uuid Library v3/v5/v6 Buffer Boundary Check Missing Vulnerability Analysis
github.com · 2026-04-23

# Vulnerability Summary: Missing Buffer Boundary Check in uuid Library ## Vulnerability Overview In versions v3, v5, and v6 of the `uuid` library, when an external output buffer (`buf`) is provided, t…

Froxlor Domains.add Bypass Quota Limit via IDOR
github.com · 2026-04-23

### Vulnerability Overview In the `Domains.add()` method, the `adminid` parameter accepts user input without validation. When the caller (reseller) does not have the `customers_see_all` permission, th…

Froxlor Email Sender Alias Domain Ownership Bypass (CVE-2026-4232)
github.com · 2026-04-23

# Vulnerability Summary: Froxlor Email Sender Alias Domain Ownership Bypass ## Vulnerability Overview **Title**: Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer …

Libgcrypt Security Update: Fixes ECDH Buffer Overflow and Dilithium Missing Boundary Checks
lists.gnupg.org · 2026-04-23

### Vulnerability Overview Libgcrypt versions 1.12.2, 1.11.3, and 1.10.4 have fixed the following security vulnerabilities: 1. **ECDH Buffer Overflow** ([T8211]): - Fixed an issue where the ECDH buffe…

Libgcrypt ECDH Buffer Overflow (CVE-2020-25519) and Dilithium Vulnerability Advisory
www.openwall.com · 2026-04-23

# Libgcrypt Security Vulnerability Summary ## Vulnerability Overview The Libgcrypt library has two critical security vulnerabilities: 1. **CVE-2020-25519**: A buffer overflow vulnerability exists in E…

Apache ActiveMQ CVE-2023-46604 RCE Vulnerability Analysis and POC
www.wordfence.com · 2026-04-23

# Vulnerability Summary ## Overview **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) **Vulnerability Type**: Remote Code Execution (RCE) **Description**: A …

Froxlor Fix Missing DNS NAPTR Record Validation
github.com · 2026-04-23

# Vulnerability Summary ## Overview This commit fixes the missing validation for DNS NAPTR record content. In the file `lib/Froxlor/Api/Commands/DomainsZones.php`, there was previously no validation l…

Froxlor LFI to RCE Vulnerability Analysis and POC (CVE-2024-XXXX)
github.com · 2026-04-23

# Vulnerability Summary: Froxlor Local File Inclusion (LFI) Leading to Remote Code Execution (RCE) ## Vulnerability Overview * **Vulnerability Type**: Local File Inclusion (LFI) leading to Remote Code…

Froxlor Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-23

### Vulnerability Overview - **Vulnerability Type**: Path Traversal - **Description**: In the `froxlor` project, the `def_language` parameter does not validate existing language files, leading to a r…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
