
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Nimiq core-rs-albatross CVE-2020-14066 Peer-triggerable Panic in History Sync
github.com · 2026-04-23

# Peer-triggerable panic during history sync ## Vulnerability Overview - **Vulnerability Type**: Peer-triggerable panic - **Severity**: Moderate (5.3 / 10) - **CVSS v3 Base Metrics**: - Attack vector:…

CVE-2026-33656: Authenticated RCE via Formula Path Traversal in sourceId with PoC
github.com · 2026-04-23

# Vulnerability Summary: Authenticated RCE via Formula with Path Traversal in Attachment 'sourceId' ## Overview - **Vulnerability Name**: Authenticated RCE via Formula with Path Traversal in Attachmen…

CVE-2026-34507: Nimiq HistoryTreeProof Length Mismatch DoS
github.com · 2026-04-23

# Vulnerability Overview - **Vulnerability Name**: Panic via 'HistoryTreeProof' length mismatch - **Vulnerability Type**: Denial of Service (DoS) - **Severity**: Low (3.1 / 10) - **CVE ID**: CVE-2026-…

Tendermint BitSet Signature Index Out-of-Bounds Verification Bypass and Fix
github.com · 2026-04-23

### Vulnerability Overview This vulnerability involves the lack of range checking on signature indices during the `BitSet` signature verification process, allowing an attacker to construct signature i…

Nimiq SkipBlockProof Quorum Bypass via BitSet Index Truncation (CVE-2025-33471)
github.com · 2026-04-23

# nimiq-block Vulnerability Summary ## Overview - **Vulnerability Name**: skip block quorum bypass via out-of-range BitSet indices + u16 truncation - **Vulnerability ID**: GHSA-6973-8887-87ff - **Seve…

elfinder connector.php Path Traversal Vulnerability Fix
github.com · 2026-04-23

# Vulnerability Summary ## Overview This vulnerability involves a path traversal issue in the editor, where an attacker can craft malicious requests to exploit the path traversal flaw and access or mo…

SicuroWeb AngularJS Template Injection RCE Chain Analysis (CVE-2026-22191)
github.com · 2026-04-23

### Vulnerability Overview - **Vulnerability Name**: CVE-2026-22191-SicuroWeb-ATI-chain.txt - **Vulnerability Type**: AngularJS Template Injection - **Discovery Time**: 2024/04/2025 - **Report Time**:…

CVE-2026-22191: SicuroWeb AngularJS Template Injection Sandbox Escape RCE PoC
github.com · 2026-04-23

### Vulnerability Overview - **Vulnerability Name**: CVE-2026-22191 - **Vulnerability Type**: AngularJS Template Injection → Sandbox Escape → Persistent Client-Side RCE - **Vulnerability Description**…

Xerte Path Traversal Vulnerability in connector.php
github.com · 2026-04-23

# Vulnerability Summary ## Overview This vulnerability is a **Path Traversal** issue found in the file `editor/elfinder/php/connector.php`. An attacker can craft malicious requests and exploit unfilte…

Xerte Online Toolkits Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-23

# Vulnerability Summary ## Overview This vulnerability involves a path traversal issue in the **Xerte Online Toolkits** project. An attacker can craft malicious requests to exploit improperly validate…

CVE-2026-22192/22199 Voltronic Power SNMP Web Pro Pre-Auth RCE Analysis
github.com · 2026-04-23

# Vulnerability Summary: CVE-2026-22192/22199 Voltronic Power Preauth RCE ## Overview Voltronic Power SNMP Web Pro v1.1 contains multiple independent vulnerabilities that can be chained to achieve rem…

Xerte Online Toolkits elfinder File Upload RCE via Incorrect Regex
www.vulncheck.com · 2026-04-23

# Xerte Online Toolkits File Upload RCE Vulnerability Summary ## Vulnerability Overview The `elfinder` connector endpoint in Xerte Online Toolkits has an incomplete input validation vulnerability. Thi…

Xerte Online Toolkits Path Information Disclosure Vulnerability Analysis
www.vulncheck.com · 2026-04-23

# Xerte Online Toolkits Path Information Disclosure Vulnerability Summary ## Vulnerability Overview Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability. An …

Xerte Online Toolkits Path Traversal Leading to Unauthenticated RCE
www.vulncheck.com · 2026-04-23

# Xerte Online Toolkits Path Traversal Vulnerability Summary ## Vulnerability Overview Xerte Online Toolkits contains a path traversal vulnerability. The flaw is located in the `connector.php` file (s…

SicuroWeb AngularJS Template Injection Sandbox Escape RCE (CVE-2025-22191)
www.boffsec-services.com · 2026-04-23

# AngularJS Template Injection Leading to Client-Side RCE Vulnerability Summary ## Vulnerability Overview This report discloses **3 zero-day vulnerabilities** targeting the industrial management softw…

Beghelli SicuroWeb AngularJS Sandbox Escape via Template Injection
www.vulncheck.com · 2026-04-23

# Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape Vulnerability ## Vulnerability Overview The Beghelli Sicuro24 SicuroWeb platform embeds AngularJS version 1.5.2, which is no longer maintained. T…

Xerte Online Toolkits Missing Authentication in connector.php Leading to RCE
www.vulncheck.com · 2026-04-23

# Xerte Online Toolkits Authentication Bypass Vulnerability ## Vulnerability Overview Xerte Online Toolkits contains a **Missing Authentication** vulnerability. An attacker can exploit this flaw via t…

Q3Fuzz QUIC/HTTP3 Fuzzing Framework and DoS Vulnerability Analysis
github.com · 2026-04-23

# Q3Fuzz Vulnerability Summary ## Vulnerability Overview Q3Fuzz is a fuzzing framework targeting the QUIC and HTTP/3 protocols. It discovers vulnerabilities by combining underlying protocol and encaps…

BioPython Entrez Parser URL Security Validation Bypass Fix
github.com · 2026-04-23

# Vulnerability Summary ## Overview This submission fixes a flaw in the URL security validation logic within `Bio/Entrez/Parser.py`. Previously, the `DataHandler.verify_security` method would stop che…

ddev ZipSlip Path Traversal Vulnerability Analysis (CWE-22)
github.com · 2026-04-23

# ZipSlip Path Traversal Vulnerability Summary ## Vulnerability Overview **ddev** is a local development tool. The `Untar()` and `Unzip()` functions in its `pkg/archive/archive.go` file have an unvali…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
