Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Yonyou GRP-U8 SQL Injection Vulnerability (CNVD-2021-49104) with POC
www.wordfence.com · 2026-04-23

# Vulnerability Summary ## Overview **Vulnerability Name**: Yonyou GRP-U8 Administrative Institution Financial Management Software SQL Injection Vulnerability **Vulnerability Type**: SQL Injection **V…

Fix TOCTOU symlink race condition in GNU coreutils install -D command
github.com · 2026-04-23

# Vulnerability Summary: Symbolic Link Race Condition in `install -D` Command ## Overview A TOCTOU (Time-of-Check-Time-of-Use) race condition vulnerability exists in the `install -D` command. An attac…

GitLab Security Patches: CSRF, Path Traversal, XSS, DoS (CVE-2026-4922/5816/5262)
about.gitlab.com · 2026-04-23

# GitLab Security Patch Release Summary (18.11.1, 18.10.4, 18.9.6) ## Vulnerability Overview GitLab has released security patches for versions 18.11.1, 18.10.4, and 18.9.6, addressing multiple critica…

coreutils mkdir race condition vulnerability and fix
github.com · 2026-04-23

# Vulnerability Summary ## Overview - **Vulnerability ID**: #10036 - **Description**: The `mkdir` command first sets permissions using umask when creating a directory, then calls `chmod` to modify the…

TOCTOU Race Condition in uutils/coreutils touch Command
github.com · 2026-04-23

# Vulnerability Summary: TOCTOU Race Condition in `touch` Path Creation ## Vulnerability Overview In the `touch` command of `uutils/coreutils`, there is a race condition (TOCTOU) when handling missing…

uutils chroot NSS Injection Vulnerability Analysis
github.com · 2026-04-23

### Vulnerability Overview - **Vulnerability Name**: chroot --userspec NSS Injection Before Privilege Drop (glibc) #10327 - **Vulnerability Description**: `uutils` parses `--userspec` after `chroot` b…

uutils/coreutils rm -rf . Silent Deletion Vulnerability Analysis
github.com · 2026-04-23

# Vulnerability Summary: `rm -rf .` Silently Deletes Contents of Current Directory ## Vulnerability Overview In the `uutils/coreutils` project, executing `rm -rf .` or `rm -rf //` causes the program t…

Fix: uutils/coreutils mv preserves symlinks during cross-device moves
github.com · 2026-04-23

### Vulnerability Overview - **Title**: `mv: preserve symlinks during cross-device moves instead of expanding them` - **Issue Number**: #10546 - **Description**: When moving across devices, the `mv` c…

utils id command crash and incorrect user/group ID handling vulnerability
github.com · 2026-04-23

# Vulnerability Summary ## Overview Multiple issues exist in the handling of different `id` values within the `id` command located in `utils/coreutils`, mainly involving: 1. When given a malformed gro…

utils cp TOCTOU Vulnerability: Symbolic Link Bypass via Missing O_NOFOLLOW
github.com · 2026-04-23

# Vulnerability Summary: cp TOCTOU Vulnerability (Issue #10017) ## Overview The `utils cp` command has a classic TOCTOU (Time-of-check to Time-of-use) vulnerability. This flaw arises because the progr…

GNU coreutils cp -p fails to clear setuid/setgid bits on chown failure
github.com · 2026-04-23

# Vulnerability Summary: `cp -p` Fails to Properly Clear setuid/setgid Bits When chown Fails ## Vulnerability Overview When using `cp -p` (preserve attributes) to copy a file, if the ownership of the …

uutils mv TOCTOU Race Condition in Cross-Device File Move
github.com · 2026-04-23

# Vulnerability Summary: uutils mv TOCTOU Race #10015 ## Vulnerability Overview The `mv` command in uutils has a race condition (TOCTOU Race) between deleting and recreating the destination file when …

uutils printenv silently skips invalid UTF-8 env vars bypassing security checks
github.com · 2026-04-23

# Vulnerability Summary: `printenv` Skips Environment Variables Containing Invalid UTF-8 ## Vulnerability Overview The `printenv` command silently ignores environment variables containing invalid UTF-…

Fix rm --preserve-root symlink bypass in uutils/coreutils
github.com · 2026-04-23

# Vulnerability Summary ## Overview - **Title**: `rm --preserve-root` should work correctly on symbolic links - **Issue**: #9706 - **Status**: Merged - **Repository**: uutils/coreutils - **Branch**: `…

uutils dd Silent Truncate Error and Exit Code Anomaly Analysis
github.com · 2026-04-23

# dd: Silent Truncate Error Suppression #9745 ## Vulnerability Overview When the output device is full, read-only, or cannot be truncated, the `dd` command reports success (exit code 0), but stale dat…

uutils coreutils tail --follow=name Symlink Follow Bypass
github.com · 2026-04-23

# Vulnerability Overview - **Vulnerability Title**: `tail --follow=name accepts symlink replacements #10328` - **Vulnerability Description**: When using the `--follow=name` option, `utils/tail` accept…

Iperius Backup FTP RCE Vulnerability and POC
www.iperiusbackup.com · 2026-04-23

# Iperius Backup Vulnerability Summary ## Vulnerability Overview Iperius Backup contains a remote code execution vulnerability. An attacker can construct a malicious FTP server and exploit the FTP bac…

Juniper Junos OS/OS Evolved Command Injection Vulnerability (CVE-2026-33791)
supportportal.juniper.net · 2026-04-23

# Juniper Networks Security Advisory 2026-04 Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Command Injection Vulnerability in Junos OS and Junos OS Evolved * **CVE ID**: CV…

LanSpy 2.0.1.159 Local Buffer Overflow Vulnerability Analysis with SEH/Egg Hunter POC
www.exploit-db.com · 2026-04-23

# LanSpy 2.0.1.159 Buffer Overflow Vulnerability (SEH/Egg Hunter) ## Vulnerability Overview * **Vulnerability Type**: Local Buffer Overflow * **Exploitation Method**: SEH (Structured Exception Handlin…

Angry IP Scanner 3.5.3 Denial of Service Vulnerability (EDB-ID: 45903) with PoC
www.exploit-db.com · 2026-04-23

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Angry IP Scanner 3.5.3 - Denial of Service (PoC) - **EDB-ID**: 45903 - **Author**: Fernando Cruz - **Release Date**: 2018-12…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
