
Security Intel Hub 4971+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

OAuth Provider: OAuth client creation bypasses clientPrivileges callback hook · Advisory · better-auth/better-auth · Git
github.com · 2026-04-25

# GitHub Security Advisory: better-auth/oauth-provider Vulnerability ## Vulnerability Overview - **Vulnerability Title**: OAuth Provider: OAuth client creation bypasses clientPrivileges callback hook …

Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR · Advisory · open-telemetry/op
github.com · 2026-04-25

# Vulnerability Overview **Title**: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR **CVE ID**: CVE-2024-41433 **CVSS Score**: 8.4 / 10 (High) **Source**: Git…

Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field · Advisory · dgraph-io/dgraph ·
github.com · 2026-04-25

# Dgraph Pre-authentication DQL Injection Vulnerability Summary ## Vulnerability Overview Dgraph contains a pre-authentication full-database data leakage vulnerability (CVE-2026-41327). An attacker ca…

Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints ·
github.com · 2026-04-25

# Vulnerability Summary: BudiBase Authentication Bypass Vulnerability ## Overview **Title**: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected…

GitHub - bootstrapbool/xerteonlinetoolkits-rce: Unauthenticated Xerte Online Toolkits exploit. Requires knowing a valid
github.com · 2026-04-25

# Xerte Online Toolkits Remote Code Execution Vulnerability Summary ## Vulnerability Overview Xerte Online Toolkits contains three exploitable vulnerabilities that can be chained by unauthorized attac…

🔒 https://github.com/siyuan-note/siyuan/security/advisories/GHSA… · siyuan-note/siyuan@bb481e1 · GitHub
github.com · 2026-04-25

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves a path traversal issue in the `kernel/server/server.go` file. An attacker can bypass sensitive file protection mechanisms …

chore: delete dangerous (and not that useful) PR action in favor of a… · skim-rs/skim@bf63404 · GitHub
github.com · 2026-04-25

### Vulnerability Overview This commit (bf63404) removes a dangerous PR (Pull Request) operation that was deemed unnecessary and posed potential risks. ### Impact Scope - **File Changes**: Involves mo…

CopyFile Policy Subversion via Symlinks · Advisory · kata-containers/kata-containers · GitHub
github.com · 2026-04-25

# CopyFile Policy Subversion via Symlinks ## Vulnerability Overview A security vulnerability exists in the CopyFile policy of Confidential Containers and Kata Containers. An attacker can bypass policy…

Arbitrary code execution via pull_request_target fork checkout in pr.yml · Advisory · skim-rs/skim · GitHub
github.com · 2026-04-25

### Vulnerability Overview **Vulnerability Name**: Arbitrary Code Execution via `pull_request_target` Branch Checkout **Vulnerability Description**: - In the `skim-rs/skim` repository, the `generate_f…

Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint · Advisory · siy
github.com · 2026-04-25

# CVE-2026-30869: Path Traversal Vulnerability (Double URL Encoding Bypass) ## Vulnerability Overview In SiYuan note-taking software v5.1.0, there is a path traversal vulnerability in the `/export/` e…

SiYuan Desktop Notification XSS Leads to Electron RCE · Advisory · siyuan-note/siyuan · GitHub
github.com · 2026-04-25

# SiYuan Desktop Notification XSS Leads to Electron RCE ## Vulnerability Overview SiYuan version 3.6.4 for desktop contains a Cross-Site Scripting (XSS) vulnerability that can lead to Remote Code Exec…

Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph · Advisory · dgraph-io
github.com · 2026-04-25

# Vulnerability Summary: Unauthorized Admin Token Disclosure in Dgraph Leads to Authentication Bypass ## Vulnerability Overview **Title**: Unauthenticated Admin Token Disclosure Leading to Authenticat…

Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy · Advisory · axios/axios · GitHu
github.com · 2026-04-25

# Vulnerability Summary: Axios Prototype Pollution Leads to Authentication Bypass ## Vulnerability Overview The Axios library contains a Prototype Pollution vulnerability. An attacker can pollute `Obj…

Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field · Advisory · dgraph-io/dgraph · GitHub
github.com · 2026-04-25

# Dgraph Pre-Authentication DQL Injection Vulnerability Summary ## Vulnerability Overview Dgraph has a pre-authentication full database disclosure vulnerability. An attacker can inject malicious queri…

[Patch Bypass] Incomplete Fix for GHSA-3p68-rc4w-qgx5 (CVE-2025-62718) — NO_PROXY Protection Bypassed via RFC 1122 Loopb
github.com · 2026-04-25

# Vulnerability Summary: Axios NO_PROXY Protection Bypass (CVE-2025-62718) ## 1. Vulnerability Overview * **Vulnerability Name**: [Patch Bypass] Incomplete Fix for GHSA-3p68-rc4w-qqx5 (CVE-2025-62718)…

Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver` · Advisory · axios/axios · GitHub
github.com · 2026-04-25

# Vulnerability Summary: Invisible JSON Response Tampering via Axios Prototype Chain Pollution ## Vulnerability Overview * **Vulnerability Name**: Invisible JSON Response Tampering via Prototype Pollu…

CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream · Advisory · axios/axios · GitH
github.com · 2026-04-25

# CRLF Injection Vulnerability Summary ## Vulnerability Overview A CRLF injection vulnerability exists in the `formDataToStream` function of the `axios` library. When processing files of type `Blob` o…

XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion · Advisory · axios/ax
github.com · 2026-04-25

# Vulnerability Summary: Axios Library XSRF Token Cross-Origin Leakage Vulnerability ## Vulnerability Overview **Title**: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFTok…

HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0 · Advisory · axios/axios · GitHub
github.com · 2026-04-25

# Axios HTTP Adapter Streaming Upload Bypasses maxBodyLength Vulnerability ## Vulnerability Overview When `maxRedirects` is set to 0 (i.e., using the native `http/https` transport path), the `maxBodyL…

axios: unbounded recursion in toFormData causes DoS via deeply nested request data · Advisory · axios/axios · GitHub
github.com · 2026-04-25

# Axios Vulnerability Summary: Unbounded Recursion in toFormData Leads to Denial of Service ## Vulnerability Overview - **Vulnerability Name**: axios: unbounded recursion in toFormData causes DoS via …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
