
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Froxlor Single Quote Escape Fix in MysqlServer and PhpHelper
github.com · 2026-04-23

# Vulnerability Summary ## Overview - **Vulnerability Type**: Single quote escaping issue - **Affected Files**: `lib/Froxlor/Api/Commands/MysqlServer.php` and `lib/Froxlor/PhpHelper.php` - **Descripti…

CVE-2024-41230: Froxlor Zone File Injection via Unsanitized DNS Records
github.com · 2026-04-23

### Vulnerability Overview **Vulnerability Name**: BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add() **Vulnerability Description**: - **Vulnerability Type**: Injection …

CVE-2024-41231: Incomplete Symlink Validation in DataDump.add() Allows Privilege Escalation
github.com · 2026-04-23

# Vulnerability Summary: Incomplete Symlink Validation in DataDump.add() ## Vulnerability Overview - **Vulnerability Name**: Incomplete Symlink Validation in DataDump.add() Allows Arbitrary Directory …

Froxlor Data Export Symlink Bypass Vulnerability Analysis
github.com · 2026-04-23

### Vulnerability Overview This vulnerability involves the lack of validation for symbolic links (symlinks) in the data export functionality, leading to potential security risks. An attacker may const…

Froxlor CVE-2026-4229 PHP Code Injection via Unescaped Quotes
github.com · 2026-04-23

# PHP Code Injection Vulnerability Summary (Froxlor CVE-2026-4229) ## Vulnerability Overview **Vulnerability Name**: PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (Mysq…

WordPress Plugin Fast & Fancy Filter – 3F CSRF Vulnerability in ff_save_settings
www.wordfence.com · 2026-04-23

### Vulnerability Overview - **Vulnerability Name**: Fast & Fancy Filter – 3F <= 1.2.2 - Cross-Site Request Forgery to Settings Modification via `ff_save_settings` AJAX Action - **Vulnerability Type**…

WordPress HTTP Headers Plugin RCE via File Path Control (CVE-2026-2717)
www.wordfence.com · 2026-04-23

# Vulnerability Summary: HTTP Headers Plugin Remote Code Execution Vulnerability ## Overview * **Vulnerability Title**: HTTP Headers <= 1.19.2 - Authenticated (Administrator+) External Control of File…

psi-4ward/psitransfer Path Traversal Vulnerability Fix in File Upload
github.com · 2026-04-23

# Vulnerability Summary ## Vulnerability Overview This commit fixes a Path Traversal vulnerability in the file upload process. An attacker can bypass security checks by crafting special file names or …

PySpector Plugin Validation Bypass Vulnerability and Fix Details
github.com · 2026-04-23

# PySpector Plugin Verification System Bypass Vulnerability Summary ## Vulnerability Overview The plugin verification system of PySpector contains a security vulnerability that allows bypassing static…

Noir v1.0.0-beta.19 Memory Safety and Compiler Crash Fixes
github.com · 2026-04-23

# Noir v1.0.0-beta.19 Security and Vulnerability Fix Summary ## Vulnerability Overview This version fixes multiple vulnerabilities that could lead to program crashes, memory corruption, or security is…

Noir CVE-2024-4197: Heap Corruption in Brillig VM via Nested Tuple Arrays
github.com · 2026-04-23

# Vulnerability Overview **Title**: Heap corruption in foreign call results with nested tuple arrays **CVE ID**: CVE-2024-4197 **Severity**: Critical **Affected Versions**: usize { item_type.len() * e…

Paperclip Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand (RCE)
github.com · 2026-04-23

# Vulnerability Summary: Paperclip Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand ## Overview Paperclip contains a privilege escalation vulnerability that allows an attac…

PySpector Plugin Bypass Vulnerability (CVE-2024-41256) with POC
github.com · 2026-04-23

# PySpector Plugin System Bypass Vulnerability Summary ## Vulnerability Overview PySpector’s plugin security validator uses AST-based static analysis to prevent dangerous code from being loaded as plu…

vite-plus/binding Path Traversal Vulnerability (CVE-2024-4211) with POC
github.com · 2026-04-23

# Vulnerability Summary: Path Traversal Vulnerability in vite-plus/binding ## Overview A path traversal vulnerability exists in the `downloadPackageManager()` function of `vite-plus/binding`. This fun…

OpenLearn Forum Post Bypasses Moderation via Direct ID Access (CWE-284)
github.com · 2026-04-23

# Vulnerability Summary: OpenLearn Forum Post Bypass of Moderation Mechanism ## Vulnerability Overview When `safeMode` (moderation mode) is enabled, unmoderated forum posts are not visible in public l…

Unauthenticated RCE in Paperclip via Import Authorization Bypass (CVE-2026-41679)
github.com · 2026-04-23

# Vulnerability Summary: Paperclip Unauthenticated Remote Code Execution (RCE) ## Vulnerability Overview **Title**: Unauthenticated Remote Code Execution via Import Authorization Bypass **Severity Lev…

STIG Manager Reflected XSS Vulnerability Analysis (CVSS 8.5)
github.com · 2026-04-23

# Vulnerability Summary: Reflected XSS Vulnerability in Web App ## Overview - **Vulnerability Type**: Reflected Cross-Site Scripting (Reflected XSS) - **Location**: OIDC authentication error handling …

LangSmith SDK Streaming Token Events Bypass Output Redaction
github.com · 2026-04-23

# LangSmith SDK: Streaming token events bypass output redaction ## Vulnerability Overview The output redaction control in LangSmith SDK (`hideOutputs` in JS, `hide_outputs` in Python) does not apply t…

psitransfer 2.4.1 Path Traversal RCE via config file injection
github.com · 2026-04-23

# Vulnerability Summary: Upload PATCH Path Traversal Can Create `config..js` and Lead to Code Execution on Restart ## Overview In version 2.4.1 of `psitransfer`, the upload middleware has a path trave…

Rclone Unauthenticated RCE via WebDAV Backend Instantiation in fsinfo Endpoint
github.com · 2026-04-23

# Vulnerability Summary: Rclone WebDAV Backend Instantiation and Command Execution Vulnerability ## Overview The `operations/fsinfo` endpoint of Rclone is exposed without setting `AuthRequired: true`,…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
