
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

SQL Injection Fix in backend/routes/api.js
github.com · 2026-04-23

### Vulnerability Overview The webpage screenshot shows a fix record for an SQL injection vulnerability. The vulnerability primarily appears in the file `backend/routes/api.js`, involving multiple SQL…

Jellystat <=1.1.9 SQL Injection Leading to RCE Analysis
github.com · 2026-04-23

# Jellystat SQL Injection Leading to Remote Code Execution Vulnerability Summary ## Vulnerability Overview Jellystat version 1.1.9 contains a critical SQL injection vulnerability that can be exploited…

Frappe Framework v16.10.0 Stored DOM XSS Vulnerability Analysis
fluidattacks.com · 2026-04-23

# Frappe Framework v16.10.0 Stored DOM XSS Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Frappe Framework v16.10.0 - Stored DOM XSS in Multiple Field Formatters * **CVE ID*…

Python http.cookies SimpleCookie.js_output HTML Injection Vulnerability Analysis
github.com · 2026-04-23

# SimpleCookie.js_output Vulnerability Summary ## Overview - **Vulnerability ID**: #90309 - **Vulnerability Type**: HTML Injection - **Affected Module**: `SimpleCookie.js_output` method in the `http.c…

libp2p discovery module DoS via duplicate substream panic fix
github.com · 2026-04-23

### Vulnerability Overview This vulnerability involves a crash issue caused by repeated discovery substream occurrences. Specifically, when a second discovery substream is opened on the same connectio…

CVE: Kiota Code Generation Literal Injection Vulnerability
github.com · 2026-04-23

# CVE Notice: Kiota Code Generation Literal Injection Vulnerability ## Vulnerability Overview Versions of Kiota **prior to 1.31.1** contain a code generation literal injection vulnerability. This issu…

libp2p MessageCodec Unbounded Memory Allocation Fix
github.com · 2026-04-23

# Vulnerability Summary ## Overview - **Vulnerability Description**: `MessageCodec` does not validate the declared message length before reading the entire stream into memory, allowing an attacker to …

Python http.cookies Cookie Injection via Unencoded JS Embedding
github.com · 2026-04-23

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: gh-90309 - **Vulnerability Description**: When embedding Cookie values into JavaScript, Base64 encoding is not applied, leadin…

Fix for Node Crash due to Invalid BLS Voting Key Validation in Blockchain Consensus
github.com · 2026-04-23

# Vulnerability Summary ## Overview - **Vulnerability Name**: Crash Caused by Invalid Election Macro Block Validator Voting Key Verification - **Description**: An unvalidated node can announce an elec…

XXE in OpenRemote Velbus Asset Import (CVSS 7.6)
github.com · 2026-04-23

# XXE in Velbus Asset Import ## Vulnerability Overview The Velbus asset import feature does not implement XXE (XML External Entity) hardening when parsing attacker-controlled XML. An authenticated use…

Underflow Panic in Vesting/HTLC Contracts Causing Permanent Node Unavailability
github.com · 2026-04-23

# Vulnerability Summary ## Overview In the `vesting` and HTLC (Hashed Time-Locked Contract) contracts, there is an underflow panic vulnerability when `total_amount` exceeds the balance. This vulnerabi…

Blockchain Node DoS Fix: Malicious HistoricTransaction Triggers Panic in History Sync
github.com · 2026-04-23

# Vulnerability Summary ## Overview - **Vulnerability Name**: Fix panic triggered by sync node during historical synchronization. - **Description**: A malicious sync node can cause the sync node to cr…

RustFS Notification Target Endpoint Authorization Bypass (CVE-2024-40837)
github.com · 2026-04-23

# RustFS Notification Target Endpoint Missing Admin Authorization Vulnerability Summary ## Vulnerability Overview All four notification target management API endpoints in RustFS (located at `rustfs/sr…

OpenRemote CVE-2024-41166 Improper Access Control Vulnerability Analysis
github.com · 2026-04-23

# Vulnerability Summary: OpenRemote Improper Access Control Vulnerability ## Overview - **Vulnerability Name**: Improper Access Control in `UserResourceImpl.java` - **CVE ID**: CVE-2024-41166 - **CVSS…

Blockchain Node Crash via Invalid BLS Voting Key Vulnerability Analysis
github.com · 2026-04-23

# Vulnerability Summary ## Overview - **Vulnerability ID**: #3662 - **Vulnerability Type**: Crash caused by invalid election macroblock validator voting key - **Description**: An untrusted peer can an…

Nimiq UpdateValidator Voting Key Update Lacks Proof-of-Knowledge Verification
github.com · 2026-04-23

# Vulnerability Summary: Vote Key Update Lacks Proof-of-Knowledge Verification ## Overview In the `nimiq/core-rs-albatross` project, the `UpdateValidator` transaction does not require a proof-of-knowl…

CVE-2025-34063: network-libp2p DoS via duplicate discovery substream
github.com · 2026-04-23

# Vulnerability Summary: Peer can crash the node by opening discovery protocol substream twice ## Vulnerability Overview - **Vulnerability Name**: Peer can crash the node by opening discovery protocol…

Fix for HistoryTreeProof verification panic due to length mismatch
github.com · 2026-04-23

# Vulnerability Summary ## Overview - **Vulnerability Type**: Panic caused by mismatched history tree proof length. - **Description**: The `HistoryTreeProof::verify` method uses `assert_eq!` to check …

EspoCRM TemplateManager Path Traversal Vulnerability (CVE-2026-33733) Analysis and POC
github.com · 2026-04-23

# Vulnerability Summary: EspoCRM Admin TemplateManager Path Traversal Vulnerability ## Vulnerability Overview **Title**: Admin TemplateManager path traversal allows arbitrary file read, write and delet…

Nimiq core-rs-albatross Voting Key Verification Bypass Vulnerability
github.com · 2026-04-23

### Vulnerability Overview In the `nimiq/core-rs-albatross` project, the `UpdateValidator` transaction accepts a new voting key without requiring a proof-of-knowledge. This allows an attacker to set a…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
