Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Spring Security DaoAuthenticationProvider User Attribute Enumeration Vulnerability (CVE-2026-22746)
spring.io · 2026-04-22

CVE-2026-22746: User Attribute Enumeration Vulnerability When Using DaoAuthenticationProvider. Vulnerability Overview: When an application uses `DaoAuthenticationProvider` and enables user attribut…

DAAP Service Race Condition Vulnerability Fix Analysis
github.com · 2026-04-22

Vulnerability Summary. Overview: **Vulnerability Type**: Concurrent Race Condition · **Affected File**: `src/httpd_daap.c` · **Description**: In concurrent login scenarios, a race condition exists in t…

owntone-server SQL Injection Vulnerability Analysis
github.com · 2026-04-22

owntone-server SQL Injection Vulnerability Summary. Vulnerability Overview: There is an SQL injection vulnerability in the file `src/parsers/daap_parser.y`. The vulnerability occurs when processing…

Tanium Server Information Disclosure Vulnerability (CVE-2026-6408) Advisory
security.tanium.com · 2026-04-22

Vulnerability Summary: TAN-2026-012. Overview: **CVE ID**: CVE-2026-6408 · **Release Date**: April 22, 2026 · **Severity**: Low · **Base Score**: 2.7 · **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:H/UI…

FreeBSD SA-26:11 Advisory: CVE-2026-6386 Kernel Memory Corruption Vulnerability
security.freebsd.org · 2026-04-22

FreeBSD SA-26:11.amd64 Security Advisory Summary. Vulnerability Overview: **Vulnerability Name**: Missing large page handling in pmap_pku_update_range() · **CVE ID**: CVE-2026-6386 · **Descriptio…

FreeBSD TIOCTTY Use-After-Free Privilege Escalation (CVE-2026-5398)
security.freebsd.org · 2026-04-22

Vulnerability Overview: **Vulnerability Name**: Kernel use-after-free bug in the TIOCTTY handler · **CVE ID**: CVE-2026-5398 · **Release Date**: 2026-04-21 · **Affected Module**: tty · **Backgrou…

facil.io JSON Parser Infinite Loop Vulnerability
github.com · 2026-04-22

Vulnerability Overview: **Title**: Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem · **Description**: **Issue**: The JSON parse…

MinIO Unauthenticated Object Write via Query-String Credential Bypass (CVE-287)
github.com · 2026-04-22

Vulnerability Overview: **Title**: Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads · **Description**: An authentication bypass vulnerability exis…

MinIO S3 Multipart Upload Chunk Size Configuration Rejection Issue
github.com · 2026-04-22

Vulnerability Summary. Overview: This vulnerability involves a misconfiguration issue with the chunk size setting in the MinIO object storage server when handling multipart uploads. When a client u…

MinIO Unauthenticated Object Write via Snowball Auto-Extract (CVE-2026-40344)
github.com · 2026-04-22

Vulnerability Summary: Snowball Auto-Extract Unauthorized Object Write. Vulnerability Overview: **Title**: Unauthenticated Object Write via Missing Signature Verification in Snowball Auto-Extract *…

F Prime SpacePacketDeframer Buffer Overflow Fix
github.com · 2026-04-22

Vulnerability Summary. Vulnerability Overview: This submission fixes multiple security issues related to buffer overflows and invalid data assertions, mainly involving: Filename overflow handling…

AMF Missing Default Case in Content-Type Switch (CVE-2025-41136)
github.com · 2026-04-22

[AMF] Missing default case in Content-Type switch in HTTPUEContextTransfer. Vulnerability Overview: In the file `internal/sbi/api/communication.go`, the `HTTPUEContextTransfer` function processes t…

openfga v1.4.1 Host Header Injection Vulnerability Fix
github.com · 2026-04-22

Vulnerability Overview: In version `v1.4.1` of the `openfga` project, there is a security vulnerability. This vulnerability involves the `AuthZEn` discovery metadata, specifically that the publishe…

pyLoad Session Management Fix for GHSA-60hx-chf7-3332
github.com · 2026-04-22

Vulnerability Summary. Overview: **Vulnerability Type**: Improper User Session Management · **Impact**: When a user is modified/deleted or their password is changed, sessions are not properly inv…

Craft CMS Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-22

Vulnerability Overview: This vulnerability involves an issue with resource path handling in Craft CMS, specifically manifested in the `AppController.php` and `Application.php` files, where insecure…

CVE-2026-4133: payload-ng Stale Session Privilege Bypass Analysis
github.com · 2026-04-22

Vulnerability Summary: Stale Session Privilege After Role/Permission Change. Overview: **Title**: Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass) · **CVE ID**: CVE-…

free5GC PCF Memory Leak DoS via CORS Middleware Registration
github.com · 2026-04-22

[PCF] Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service. Vulnerability Overview: In the PCF (Policy Control Function) of free5GC, there is a memory leak vulner…

PCF NPCF Sm/Ue Policy Control Unauthenticated Access Leading to SUPI Leakage and Fix
github.com · 2026-04-22

Vulnerability Overview: This vulnerability involves the absence of authentication middleware in `smPolicyGroup` and `uePolicyGroup`, allowing unauthenticated requests to directly access business lo…

CVE-2026-40343: UDR fail-open in PolicyDataSubsToNotifyPost allows unintended subscription creation
github.com · 2026-04-22

Vulnerability Overview: **Title**: UDR fail-open request handling in PolicyDataSubsToNotifyPost may allow unintended subscription creation after input errors · **Description**: **Issue**: In the `P…

CraftCMS Host Header Injection Leads to SSRF via resource-js Endpoint
github.com · 2026-04-22

CraftCMS Host Header Injection Leads to SSRF via resource-js Endpoint. Vulnerability Overview: **Vulnerability Type**: Host Header Injection leading to SSRF (Server-Side Request Forgery) · **Affe…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.