
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

FreeScout Information Disclosure: Non-folder Queries Bypass Assigned-Only Restrictions
github.com · 2026-04-22

# Vulnerability Summary: Non-folder conversation queries disclose assigned-only hidden conversations ## Vulnerability Overview This vulnerability exists in the `freescout` software. Due to the global …

Atlassian April 2026 Security Bulletin: 31 High/Critical CVEs including RCE in Confluence
confluence.atlassian.com · 2026-04-22

# Atlassian Security Bulletin Summary – April 21, 2026 ## Vulnerability Overview This security bulletin includes **31 high-severity vulnerabilities** and **7 critical vulnerabilities**, affecting mult…

Unauthorized Access: MailboxesController Settings Modification Bypass
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves the `updateSave` and `updateSave` methods in the `MailboxesController.php` file. When updating settings, if the `chat_start_new` parameter is set…

FreeScout Help Desk ConversationsController Bypass of Access Control in Search
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves the `ConversationsController.php` file in the `freescout-help-desk` project. The specific issue is that user permissions are not properly filtere…

Tenda W30EV2.0 Command Injection Vulnerability and POC
github.com · 2026-04-22

# Vulnerability Summary ## Overview Tenda W30EV2.0 version V16.01.21 contains a command injection vulnerability. An attacker can execute arbitrary commands by crafting a malicious `hostname` parameter…

Stored XSS in Twenty CRM BlockNote via FileBlock
github.com · 2026-04-22

# Vulnerability Summary: Stored XSS via BlockNote FileBlock ## Overview - **Vulnerability Type**: Stored Cross-Site Scripting (Stored XSS) - **Affected Component**: BlockNote editor component - **Root…

Tenda W30EV2.0 Firmware Command Injection Vulnerability Analysis
github.com · 2026-04-22

# Tenda W30EV2.0 Command Injection Vulnerability Summary ## Vulnerability Overview A command injection vulnerability exists in the firmware V16.01.0.21 of Tenda W30EV2.0. An attacker can execute arbit…

Atlassian Bamboo Data Center OS Command Injection Vulnerability (CVE-2026-21571) Advisory
jira.atlassian.com · 2026-04-22

### Vulnerability Overview - **Vulnerability Name**: OS Command Injection in Bamboo Data Center - **CVE ID**: CVE-2026-21571 - **CVSS Score**: 9.4 - **CVSS Vector**: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/VC:H/…

CVE-2024-40581: SmartOp Vote Logic Error Causes Fatal Node Halt
github.com · 2026-04-22

# SmartOp Vote Path Triggers Fatal Supply Invariant Halt ## Vulnerability Overview - **Vulnerability Name**: SmartOp Vote Path Triggers Fatal Supply Invariant Halt - **Vulnerability Type**: Logic Erro…

CVE-2024-40589: Cross-Mailbox Email Takeover Vulnerability with PoC
github.com · 2026-04-22

# Vulnerability Summary: Customer Edit Cross-Mailbox Email Takeover ## Vulnerability Overview - **Vulnerability Name**: Customer Edit Cross-Mailbox Email Takeover - **Severity**: High (7.6 / 10) - **C…

FreeScout load_customer_info Broken Access Control to PII
github.com · 2026-04-22

# Vulnerability Summary: load_customer_info Lacks Authorization Check ## Overview In the `load_customer_info` operation of `freescout-help-desk`, the system returns complete customer profile data via …

CustomersController Insecure Direct Object Reference Fix and POC Analysis
github.com · 2026-04-22

# Vulnerability Summary ## Vulnerability Overview This vulnerability allows an attacker to move a customer's email from an inaccessible mailbox to an accessible one, thereby bypassing access control r…

FreeScout CVE-2024-40569 Mass Assignment Vulnerability and Exploitation
github.com · 2026-04-22

# Vulnerability Summary: Mass Assignment Vulnerability in FreeScout Mailbox Connection Settings ## Overview - **Vulnerability Name**: Mass Assignment in Mailbox Connection Settings Enables Silent Emai…

FreeScout Mailbox Configuration Parameter Injection Fix and Filter Logic Analysis
github.com · 2026-04-22

### Vulnerability Overview The webpage screenshot shows a code commit record for the `freescout-help-desk` project. The commit involves adding field restrictions to the mailbox retrieval and sending s…

CVE-2024-40585: Password Reset Token No Expiry Window Vulnerability Analysis
github.com · 2026-04-22

# Vulnerability Summary: Password Reset Tokens Have No Expiry Window ## Vulnerability Overview **Title**: Password Reset Tokens Have No Expiry Window **CVE ID**: CVE-2024-40585 **Severity**: High (7.4…

BACnet Stack CVE-2024-65279 Signed Left Shift UB Vulnerability and Fix
github.com · 2026-04-22

### Vulnerability Overview **Vulnerability Name**: Undefined-behavior signed left shift in `decode_signed32()` **Description**: In the file `src/bacnet/bacnet.c`, the `decode_signed32()` function uses…

CVE-2026-0574: OAuth2 Proxy Authorization Bypass via Malformed Email Claims
github.com · 2026-04-22

# Vulnerability Overview **Title**: Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims **CVE ID**: CVE-2026-0574 **Severity**: Moderate (CVSS v3 base metrics: 8.8 / 10)…

Unauthorized Access Vulnerability: Customer Data Leakage in Phone Conversation Creation
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves an issue with checking customer visibility when creating phone conversations. Specifically, there is a logic error in the code that may lead to u…

Tekton Pipeline Resolvers Privilege Escalation via Unchecked Secret Access
github.com · 2026-04-22

# Vulnerability Summary: Tekton Pipeline Privilege Escalation Risk ## Vulnerability Overview The Git and HTTP resolvers of Tekton Pipeline do not perform authorization checks when reading Kubernetes S…

Tekton Pipelines git resolver API token leakage vulnerability (GHSA-2d5r-9pm-2w5c)
github.com · 2026-04-22

### Vulnerability Overview - **Vulnerability Name**: Git resolver API mode leaks system-configured API token to user-controlled serverURL - **Vulnerability Description**: In API mode, Tekton Pipelines…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.