
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

GitHub Actions ArtiPACKED Vulnerability: GITHUB_TOKEN Credential Persistence via Artifacts
github.com · 2026-04-22

# [Security Report] Goshes - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence ## Vulnerability Overview **Vulnerability Name**: ArtiPACKED **Severity Level**: Critical (9.1/10) **Disco…

Mailcow CVE-2026-40872 Stored XSS in Autodiscover Logs with POC
github.com · 2026-04-22

# Vulnerability Overview **Title**: Stored XSS in the autodiscover log email address field **CVE ID**: CVE-2026-40872 **CVSS Score**: 9.3 / 10 (Cr…

Stored XSS in mailcow/dockerized via X-Real-IP Header
github.com · 2026-04-22

# Vulnerability Summary: mailcow/dockerized Stored XSS ## Vulnerability Overview A stored cross-site scripting (Stored XSS) vulnerability exists in the "Login History" feature of `mailcow/dockerized`.…

Stored XSS in mailcow Quarantine Attachment Filename with POC
github.com · 2026-04-22

# Vulnerability Summary: Stored XSS in Attachment Filename in Quarantine ## Overview In the `mailcow-dockerized` project, the details modal of the Quarantine feature does not escape the attachment fil…

mailcow-dockerized fwdhost delete API Authorization Bypass
github.com · 2026-04-22

# Vulnerability Summary: mailcow-dockerized Forwarding Host Deletion Endpoint Lacks Authorization Check ## Overview In the `mailcow-dockerized` project, the `/api/v1/delete/fwdhost` endpoint lacks pro…

Zebra Cached Mempool Verification Bypass Leading to Consensus Split (CVE-2026-40880)
github.com · 2026-04-22

# Zcash Cached Mempool Verification Bypass Vulnerability Summary ## Vulnerability Overview - **CVE ID**: CVE-2026-40880 - **Title**: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-T…

Vendure @vendure/core Unauthenticated SQL Injection Vulnerability Summary
github.com · 2026-04-22

# Vulnerability Summary: @vendure/core SQL Injection Vulnerability ## Overview An unauthenticated SQL injection vulnerability exists in the Vendure Shop API. The user-controlled query string parameter…

mailcow-dockerized Reflected XSS via Login Page Parameter Injection
github.com · 2026-04-22

# Vulnerability Summary: mailcow-dockerized Login Page Reflected Parameter Injection / Error Context XSS Escape ## Overview In the login page of `mailcow-dockerized`, there is a reflected parameter inje…

Decidim Authorization Bypass: Comments API Accessible Without Auth
github.com · 2026-04-22

# Vulnerability Summary: The comments API allows access to all commentable resources ## Vulnerability Overview A permission bypass vulnerability exists in the Decidim platform. The `commentable` field…

Mailcow Second-Order SQL Injection via API
github.com · 2026-04-22

# Vulnerability Summary: Mailcow Second-Order SQL Injection Vulnerability ## Vulnerability Overview A second-order SQL injection vulnerability exists in the `quarantine_category` field of Mailcow. An …

CVE-2025-71058 DNS Cache Poisoning Vulnerability and POC Analysis
github.com · 2026-04-22

# CVE-2025-71058 Vulnerability Summary ## Vulnerability Overview This vulnerability involves DNS cache poisoning attacks, exploiting forged DNS response packets to deceive the target resolver. The att…

b2evolution XSS Vulnerability Fix: Code Patch and Impact Analysis
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves failure to HTML-escape search terms and search URLs when generating HTML links, which may lead to cross-site scripting (XSS) attacks. ### Impact …

Spring Security JdbcOneTimeTokenService TOCTOU Race Condition (CVE-2026-22751)
spring.io · 2026-04-22

# CVE-2026-22751: Spring Security JdbcOneTimeTokenService Vulnerability Summary ## Overview - **CVE ID**: CVE-2026-22751 - **Severity**: Medium - **Release Date**: April 21, 2026 - **Description**: Ap…

Bagisto Custom Scripts XSS Vulnerability (CVE-2026-6745)
vuldb.com · 2026-04-22

### Vulnerability Overview - **Vulnerability Name**: Bagisto up to 2.3.15 Custom Scripts cross site scripting - **Vulnerability Type**: Cross-Site Scripting (XSS) - **Vulnerability Description**: An u…

coturn STUN Attribute Parser Misaligned Memory Access Remote DoS on ARM64
github.com · 2026-04-22

### Vulnerability Overview **Vulnerability Name**: Misaligned Memory Access in coturn STUN Attribute Parser (Remote DoS on ARM64) **Vulnerability Description**: - **Type**: Remote Denial of Service (D…

IDOR Vulnerability in Employee File Upload Endpoint Allowing Unauthorized Document Overwrite
github.com · 2026-04-22

# Vulnerability Summary: Unauthorized Document Overwrite via File Upload Endpoint ## Vulnerability Overview - **Type**: Insecure Direct Object Reference (IDOR) - **Description**: The employee document…

IDOR Vulnerability in Employee Document Viewer with PoC
github.com · 2026-04-22

# Vulnerability Summary: Insecure Direct Object Reference (IDOR) ## Vulnerability Overview * **Vulnerability Type**: Insecure Direct Object Reference (IDOR) * **Affected Component**: Employee Document…

PJMEDIA Opus Codec Heap Buffer Overflow Vulnerability and Fix
github.com · 2026-04-22

### Vulnerability Overview In the file `pjmedia/src/pjmedia-codec/opus.c`, there is a heap buffer overflow vulnerability. This vulnerability occurs during the decoding process due to the lack of bound…

Kyverno Apical ServiceCall Implicit Bearer Token Injection Vulnerability
github.com · 2026-04-22

# Kyverno Apical ServiceCall Implicit Bearer Token Injection Vulnerability Summary ## Vulnerability Overview Kyverno’s `apical` servicecall helper function has a security flaw when injecting `Authoriz…

CVE-2026-40867 Helpdesk IDOR Vulnerability with POC
github.com · 2026-04-22

# Vulnerability Summary: Helpdesk Attachment ID Manipulation ## Vulnerability Overview - **Vulnerability Type**: Insecure Direct Object Reference (IDOR) - **Description**: The Helpdesk attachment view…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.