
Security Intel Hub

Curated security advisories, vulnerability analyses, and exploit write-ups, auto-cleaned and translated to English. Updated continuously.
Path Traversal Vulnerability in rcserver Module
github.com · 2026-04-23

# Vulnerability Summary ## Overview In the `rcserver.go` file, there is a path traversal vulnerability. When the user-provided `opt.Files` path is used to construct `extractPath`, if the path contains…

verl math_equal() Arbitrary Code Execution via Unsafe eval()
github.com · 2026-04-23

# Vulnerability Summary: verl math_equal() Arbitrary Code Execution Vulnerability ## Overview - **Vulnerability Name**: verl math_equal() Arbitrary Code Execution via Unsafe eval() - **Vulnerability T…

Rclone Unauthenticated Auth Bypass and Command Execution via RC Options
github.com · 2026-04-23

# Vulnerability Summary: Unauthorized RC Options/Settings in Rclone Lead to Runtime Authentication Bypass and Command Execution ## Overview The `rc` endpoint `options/set` in Rclone does not set `Auth…

JVN#45563482: LiveOn Meet Client Installer DLL Hijacking Vulnerability (CVE-2026-32679)
jvn.jp · 2026-04-23

# JVN#45563482: LiveOn Meet Client Installer and Plug-in May Unsafely Load Dynamic Link Libraries ## Overview The LiveOn Meet client installer and the Canon Network Camera plug-in installer contain an…

ByteDance verl <=0.7.0 Arbitrary Code Execution via eval() in Math Grader
vuldb.com · 2026-04-23

# Vulnerability Summary: ByteDance verl `) - Attacker can control or induce the model to output malicious code ## Remediation - **Current Status**: Marked as “Fixed” (Status: Fixed) - **Recommended Me…

copilot-api DNS Rebinding Bypass and Missing Host Header Validation Vulnerability Analysis
github.com · 2026-04-23

# Vulnerability Summary: DNS Rebinding Attack Bypasses Network Restrictions to Access Local API ## Vulnerability Overview This vulnerability exists in the `copilot-api` project due to the server not p…

radare2 r2 Command Injection via PDB Realname (#25730)
github.com · 2026-04-23

# Vulnerability Summary ## Overview - **Vulnerability ID**: #25730 - **Fix PR**: #25731 - **Vulnerability Type**: Command Injection - **Root Cause**: The `r2` command does not properly escape or encod…

radare2 PDB Parser Command Injection via Unsanitized Symbol Names
github.com · 2026-04-23

# [Security] Command injection caused by lack of sanitization of PDB symbol names #25730 ## Vulnerability Overview There is a command injection vulnerability in the `print_gvars()` function of the PDB…

pypdf PDF image decoding DoS vulnerability fix
github.com · 2026-04-23

### Vulnerability Overview This vulnerability involves the FlateDecode parameters and image decoding limits in the `py-pdf/pypdf` library. The specific issue is that certain filters (such as FlateDeco…

Squidex Backup Restore Local File Read Vulnerability and Fix
github.com · 2026-04-23

# Squidex Backup Restore Vulnerability Summary ## Vulnerability Overview Squidex has a security vulnerability that allows an attacker to download backup files from the local file system by crafting ma…

Wekan SSRF Vulnerability Fix: URL Protocol and Private IP Validation
github.com · 2026-04-23

# Vulnerability Summary ## Overview This commit fixes an **SSRF (Server-Side Request Forgery)** vulnerability in the Wekan platform. An attacker can craft a malicious Webhook URL to cause the server t…

pypdf fix: Limit incremental clone object count/ID to prevent DoS (#3735)
github.com · 2026-04-23

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Title**: SEC: Do not rely on possibly invalid /Size for incremental cloning (#3735) - **Submitter**: stefan6419846 - **Submission Ti…

Statamic CMS CVE-2020-41175 Unsafe Method Invocation Data Destruction
github.com · 2026-04-23

# Vulnerability Overview **Title**: Unsafe method invocation via query value resolution allows data destruction **CVE ID**: CVE-2020-41175 **CVSS Score**: 8.1 / 10 (High) **Reporters**: joshuaalwin, k…

Squidex Restore API Blind SSRF Vulnerability (CVE-2024-4177) Analysis and PoC
github.com · 2026-04-23

# Vulnerability Summary: Squidex Restore API Blind SSRF Vulnerability ## Overview * **Vulnerability Name**: Blind Server-Side Request Forgery (SSRF) in Restore API * **Vulnerability Type**: SSRF (Serv…

Squidex SSRF Vulnerability Analysis with PoC and Fix
github.com · 2026-04-23

# Squidex SSRF Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Vulnerable Path**: `/api/apps/{app}/assets` - **Vulnerability Descriptio…

Squidex SSRF via Jint Scripting Engine HTTP Functions
github.com · 2026-04-23

# SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient ## Vulnerability Overview There is a Server-Side Request Forgery (SSRF) vulnerability in Squidex. Th…

WeKan v8.35 Patch: Integrationbleed Vulnerability Fix and Dependency Updates
github.com · 2026-04-23

### Vulnerability Overview - **Vulnerability Name**: Integrationbleed - **Fixed Version**: v8.35 - **Release Date**: March 6, 2023 - **Contributors**: Rodolphe GHIO and xet7 ### Impact Scope - **Affec…

Squidex CVE-2025-41170 Admin-Only SSRF in Backup Restore Endpoint
github.com · 2026-04-23

# SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests ## Vulnerability Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Affe…

Frappe Framework 16.10.0 Stored DOM XSS in Tag Pill Renderer (CVE-2026-3673)
fluidattacks.com · 2026-04-23

# Frappe Framework 16.10.0 Stored DOM XSS Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Frappe Framework 16.10.0 – Stored DOM XSS in Tag Pill Renderer - **Vulnerability Typ…

pypdf fix DoS via xref/object stream size limits
github.com · 2026-04-23

# Vulnerability Summary ## Overview - **Vulnerability ID**: #3733 - **Description**: Limit the size of xref and object streams to prevent memory exhaustion or denial-of-service attacks caused by exces…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.