Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Hermes Web UI Path Traversal / Workspace Isolation Bypass Fix
github.com · 2026-04-22

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Path Traversal / Workspace Isolation Bypass - **Severity**: CVSS 8.8 High (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) - **Issue De…

hermes-webui profile isolation fix: env var leakage across profile switches
github.com · 2026-04-22

# Vulnerability Summary ## Vulnerability Overview This commit fixes a security issue related to **profile isolation** in the `hermes-webui` project. The core vulnerability lies in the fact that when s…

Fix for openharness ohmo unauthorized access via default allow_from wildcard
github.com · 2026-04-22

# Vulnerability Summary ## Overview - **Vulnerability Type**: Security misconfiguration (default remote channel allowlist) - **Affected Component**: `ohmo` remote channel configuration - **Issue Descr…

OpenHarness ohmo fix: secure default remote channel allowlists
github.com · 2026-04-22

# [security] fix(ohmo): secure default remote channel allowlists #147 ## Vulnerability Overview This vulnerability involves the default access control policy for remote channels in the `ohmo/OpenHarne…

Comfast CF-N1-S Router Authenticated Command Injection Vulnerability with POC
github.com · 2026-04-22

# Comfast CF-N1-S Router Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Authenticated Command Injection - **Affected Product**: Comfast CF-N1-S V2 - **Firmware Version**: V2…

Comfast CF-N1-S CVE-2026-6799 Command Injection Vulnerability
vuldb.com · 2026-04-22

### Vulnerability Overview - **Vulnerability Name**: Comfast CF-N1-S 2.6.0.1 Endpoint mbox-config?method=SET$ion=ping_config destination command injection - **CVE ID**: CVE-2026-6799 - **CVSS Score**:…

Tekton Pipeline VolumeMount Path Traversal Bypass (CVE-2024-40923)
github.com · 2026-04-22

# Tekton Pipeline VolumeMount Path Restriction Bypass Vulnerability Summary ## Vulnerability Overview There is a validation bypass vulnerability in the VolumeMount path restriction within Tekton Pipel…

Tekton Pipeline v1.11.1 Security Advisory: RCE, Token Leak, OOM via CVEs
github.com · 2026-04-22

### Vulnerability Overview Multiple security vulnerabilities exist in Tekton Pipeline v1.11.1, specifically including: 1. **Git Resolver API Schema Leaks System Configuration API Tokens** - **CVE-2026…

oxia-db/oxia Session Heartbeat Race Condition DoS (CVE-2026-40943)
github.com · 2026-04-22

# Vulnerability Summary: Race Condition in Session Heartbeat Handling of oxia-db/oxia Leads to Server Crash ## Overview oxia-db/oxia has a race condition in session heartbeat handling. The `heartbeat(…

Tekton Pipeline CVE-2024-40938: Git Resolver Unsanitized Revision Parameter Leads to RCE
github.com · 2026-04-22

# Vulnerability Summary: Tekton Pipeline Git Resolver Uncleaned Parameters Lead to RCE ## Vulnerability Overview **Vulnerability Name**: Git Resolver Unsanitized Revision Parameter Enables git Argumen…

Tekton Pipeline HTTP Resolver DoS via Unbounded Response Body (CVE-2026-40924)
github.com · 2026-04-22

# Tekton Pipeline HTTP Resolver Denial of Service Vulnerability Summary ## Vulnerability Overview **Vulnerability Name**: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memor…

DSF OIDC Session Missing Timeout Vulnerability (CVE-2024-4039)
github.com · 2026-04-22

# Vulnerability Summary: OIDC Session Lacks Timeout Configuration ## Overview In OpenID Connect (OIDC) authentication, the session is not configured with a maximum inactivity timeout. This means the s…

DSF FHIR Server OpenID Connect Configuration Security Guide
dsf.dev · 2026-04-22

### Vulnerability Overview - **Vulnerability Name**: OpenID Connect Configuration Issue - **Description**: The DSF FHIR server supports authentication via OpenID Connect, but by default only uses X.50…

compressing npm CVE-2026-24884 Patch Bypass via Symlink Poisoning
github.com · 2026-04-22

# Vulnerability Summary: Patch Bypass for CVE-2026-24884 in compressing v2.1.0 ## 1. Vulnerability Overview * **Vulnerability Name**: Symbolic link poisoning via Git delivery completely bypasses the C…

ntfs-3g 2026.2.25 Security Update: Heap Overflow and Format String Vulnerabilities Fix
github.com · 2026-04-22

### Vulnerability Overview In version `ntfs-3g` 2026.2.25, multiple security vulnerabilities and bugs have been fixed, including buffer overflows, heap overflows, format string vulnerabilities, and mo…

ntfs-3g CVE-2024-40756 Heap Buffer Overflow Vulnerability Advisory
github.com · 2026-04-22

# Vulnerability Summary: ntfs-3g Heap Buffer Overflow ## Overview - **Vulnerability Name**: Heap Buffer Overflow in `ntfs_build_permissions_posix()` - **CVE ID**: CVE-2024-40756 - **CVSS Score**: 7.8 …

DSF FHIR/BPE Server OIDC JWKS/Token Cache Logic Flaw Fix
github.com · 2026-04-22

# Vulnerability Summary: Reverse Time Comparison in OIDC JWKS and Token Cache ## Vulnerability Overview In the OIDC JWKS and Metadata Document cache of `dev.dsf:dsf-bpe-process-api-v2` and `dev.dsf:ds…

ntfs-3g CVE-2026-40706 Heap Buffer Overflow Vulnerability Advisory
www.openwall.com · 2026-04-22

### Vulnerability Overview - **Vulnerability Name**: CVE-2026-40706 - **CVSS Score**: 7.8 (High) - **Vulnerability Type**: Heap buffer overflow - **Trigger Condition**: When processing security descri…

DSF OidcClientWithCache Token Cache Timeout Logic Error Fix
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves a logic error in the token cache expiration handling within the `OidcClientWithCache.java` file. Specifically, when checking whether the token ca…

Genesys Latitude Authenticated SQL Injection (CVE-2025-70420)
okunsec.com · 2026-04-22

# CVE-2025-70420: Genesys Latitude Authentication SQL Injection Vulnerability Summary ## Vulnerability Overview Genesys Latitude v25.1.0.420 contains an authentication SQL injection vulnerability. An …

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.