Security Intel Hub 23786+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

FreeRDP Path Traversal Vulnerability in contains_dotdot()
github.com · 2026-04-24

# FreeRDP `contains_dotdot()` Path Traversal Vulnerability Summary ## Vulnerability Overview In the file `channels/drive/client/drive_file.c` of FreeRDP, the `contains_dotdot()` function has an off-by…

Roxy-WI Authenticated RCE via OS Command Injection (CVE-2020-33208) with POC
github.com · 2026-04-24

### Vulnerability Overview **Vulnerability Name**: Authenticated Remote Code Execution via OS Command Injection in find-in-config Endpoint **Vulnerability Description**: In the `/config//find-in-confi…

Actual Sync Server Privilege Escalation via change-password Endpoint (Pre-Auth/IDOR)
github.com · 2026-04-24

# Vulnerability Summary: Privilege Escalation on 'change-password' Endpoint of OpenID-Migrated Servers ## Vulnerability Overview On servers migrated from password authentication to OpenID Connect, any…

OP-TEE OS PKCS#11 TA Out-of-bounds Read and Memory Disclosure (CVE-2026-3317)
github.com · 2026-04-24

# PKCS#11 TA Out-of-Bounds Read and Memory Disclosure Vulnerability Summary ## Vulnerability Overview **CVE-2026-3317** * **Severity**: High (8.7/10) * **Affected Versions**: OP-TEE OS >= 3.13.0 * **F…

roxy-wi haproxy_section_save SQL Injection Vulnerability Analysis
github.com · 2026-04-24

# SQL Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: SQL injection vulnerability exists in the `haproxy_section_save` endpoint * **Vulnerability Source**: Unfilter…

Kirby CMS CVE-2024-40099: pages:create Bypasses changeStatus via isDraft
github.com · 2026-04-24

# Vulnerability Overview **Vulnerability Title**: Page creation API bypasses `changeStatus` permission check via unfiltered `isDraft` parameter **CVE ID**: CVE-2024-40099 **CVSS Score**: 5.3 / 10 (Mod…

Kirby CMS Vulnerability Advisory: SSTI, Privilege Escalation, XML Injection (CVE-2026-34587)
github.com · 2026-04-24

### Vulnerability Overview 1. **Server-Side Template Injection (SSTI) via Double Template Parsing in Option Rendering** - **Description**: This vulnerability affects Kirby sites that use option fields…

Kirby CMS Permission Bypass via Unfiltered Blueprint Parameter (CVE-2026-41325)
github.com · 2026-04-24

# Vulnerability Summary ## Overview - **Title**: Page, file and user creation APIs bypass `create` permission check via unfiltered `blueprint` parameter - **CVE ID**: CVE-2026-41325 - **CVSS v4 Base S…

Kirby CMS SSTI via Double Template Resolution (CVE-2026-34587)
github.com · 2026-04-24

# Vulnerability Overview **Vulnerability Name**: Server-Side Template Injection (SSTI) via double template resolution in option rendering **Vulnerability Type**: Server-Side Template Injection (SSTI) …

Xibo CMS SQL Injection Vulnerability Analysis and Fix
github.com · 2026-04-24

# Xibo CMS SQL Injection Vulnerability Summary ## Vulnerability Overview Xibo CMS has an SQL injection vulnerability, primarily due to improper handling of SQL query parameters and filters, allowing a…

Path Traversal Vulnerability Fix in Go Linter (CWE-22)
github.com · 2026-04-24

### Vulnerability Overview - **Vulnerability Name**: Path Traversal Vulnerability - **Description**: The `saveListResults` function constructs the output file path using values from the `arch` and `pk…

Xibo CMS SQL Injection Vulnerability Fix Analysis
github.com · 2026-04-24

# Vulnerability Summary ## Overview This commit fixes a **SQL injection vulnerability** in **Xibo CMS**. The vulnerability stems from insufficient input validation and sanitization of SQL query parame…

Xibo CMS SQL Injection Vulnerability Fix and Code Implementation
github.com · 2026-04-24

# Vulnerability Summary ## Overview Xibo CMS has a SQL injection vulnerability. This vulnerability stems from inadequate filtering and sanitization mechanisms for user input in SQL queries. An attacke…

melange CVE-2025-29551 Path Traversal via .PKGINFO
github.com · 2026-04-24

# Vulnerability Overview **Title**: Path traversal in melange --persist-lint-results via unvalidated .PKGINFO fields **Description**: In melange, the `--persist-lint-results` flag (also available via …

melange CVE-2026-29050 Path Traversal to RCE via pipeline[].uses
github.com · 2026-04-24

# Vulnerability Overview **Title**: Path traversal in melange's external pipeline resolver (pipeline[].uses) allows loading a pipeline from outside the pipeline directories **Description**: An attacke…

Xibo CMS 4.4.1 Security Update: SQL Injection and Session Management Fixes
github.com · 2026-04-24

# Xibo CMS 4.4.1 Vulnerability Fix Summary ## Vulnerability Overview Xibo CMS version 4.4.1 fixes multiple security vulnerabilities, including: - **SQL Injection Vulnerability**: SQL injection risk ex…

SenseLive X3050 Vulnerability Advisory: Multiple CVEs (CVE-2026-40630, etc.)
www.cisa.gov · 2026-04-24

# SenseLive X3050 Vulnerability Summary ## Vulnerability Overview * **Release Date**: April 21, 2026 * **Alert Code**: ICSA-26-11-12 * **Risk Level**: CVSS v3 9.8 * **Core Risk**: Successful exploitat…

Zalo Webhook Replay Deduplication Vulnerability Fix Analysis
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves the replay deduplication mechanism of Zalo Webhook. Specifically, it allows an attacker to perform replay attacks by reusing message IDs across d…

OpenClaw invoke-system-run-plan.ts Command Injection Vulnerability and Fix
github.com · 2026-04-24

# Vulnerability Summary ## Overview A security vulnerability exists in the `invoke-system-run-plan.ts` file of the OpenClaw project, allowing attackers to bypass security restrictions and execute arbi…

OpenClaw Control UI Bootstrap Payload Tampering Vulnerability Analysis
github.com · 2026-04-24

# Vulnerability Summary ## Vulnerability Overview The OpenClaw platform has a vulnerability where the **Control UI Bootstrap Payload can be tampered with**. An attacker can modify the frontend bootstr…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.