
Security Intel Hub

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.
Tekton Git Resolver Cross-Namespace Credential Leakage Fix
github.com · 2026-04-22
The `api-token-secret-namespace` ConfigMap configuration of the Git resolver allows administrators to configure cross-namespace API token authentication. When this …

FreeScout CVE-2024-40591 Improper Authorization Vulnerability and POC
github.com · 2026-04-22
FreeScout Improper Authorization Allows Hidden Customer Modification Across Mailboxes. Title: Improper Authorization in Phone Conversation Creatio…

FreeScout CVE-2025-40592 Insecure Direct Object Reference POC for Undo Reply
github.com · 2026-04-22
Cross-user undo reply allows mailbox peers to recall another agent's outbound reply. Vulnerability Type: Insecure Direct Object Reference / Auth…

Login Endpoint Lacks Rate Limiting: Brute-Force Vulnerability Analysis
github.com · 2026-04-22
Login Endpoint Has No Rate Limiting, Lockout, or Brute-Force Protection. Vulnerability Type: Login interface lacks rate limiting, lockout mechan…

Unauthorized Access Vulnerability Fix Analysis in ConversationsController (IDOR)
github.com · 2026-04-22
This vulnerability involves improper verification of customer accessibility when switching conversation customers. It may lead to unauthorized users accessing or modifying c…

CVE-2024-40576: Path Traversal Vulnerability in excel-mcp-server
github.com · 2026-04-22
excel-mcp-server Path Traversal Vulnerability Summary. Vulnerability Name: excel-mcp-server str: """Get full path to Excel file.""" if EXCEL_FILES_PATH is None: # Studio…

FreeScout <1.8.214 Customer Information Hijacking via AJAX Endpoint
github.com · 2026-04-22
Customer AJAX Create Modifies Hidden Existing Customer. This vulnerability exists in the `/customers/ajax` endpoint of FreeScout. In limited visibility mode, the en…

Crafty v4.10.2 IDOR Vulnerability: USER_CONFIG users can disable/modify other accounts via PATCH /api/v2/users
gitlab.com · 2026-04-22
Vulnerability Name: IDOR in PATCH /api/v2/users/{user_id} allows USER_CONFIG users to disable or modify other users' accounts. Vulnerability Type: Insecu…

Textpattern 4.9.1 Security Update: CVE-2026-29906 Stored XSS and Access Control Fix
textpattern.com · 2026-04-22
Textpattern version 4.9.1 has been released, including security fixes, patches, and improvements. It primarily addresses two security vulnerabilities: 1. Authenticated Sto…

GitLab Trusted Resources URL Parsing Bypass Fix Analysis
github.com · 2026-04-22
This vulnerability involves improper handling of the `git` prefix when parsing and matching resource URLs, leading to potential security issues. Specific manifestations incl…

CVE-2020-20067: October CMS Safe Mode Bypass via CSS Preprocessor Compilers
github.com · 2026-04-22
Vulnerability Name: Safe Mode Bypass via CSS Preprocessor Compilers. Vulnerability ID: GHSA-3888-q23f-x7qh. Severity: Moderate (4.9 / 10). CVSS v3 Score: …

Tekton CVE-2025-2542 VerificationPolicy Regex Bypass via Substring Matching
github.com · 2026-04-22
Title: VerificationPolicy regex pattern bypass via substring matching. CVE ID: CVE-2025-2542. Severity: Medium (CVSS 5.3–6.3). Description: This vulnerability a…

FreeScout HTML Injection in Email Signature via Unsanitized Name Variables
github.com · 2026-04-22
HTML Injection in FreeScout Email Signature Variables. In FreeScout, unauthenticated attackers can inject arbitrary HTML into outbound emails generate…

FreeScout Stored XSS in Mailbox Signature via Incomplete HTML Sanitization
github.com · 2026-04-22
XSS via Mailbox Signature Due to Incomplete HTML Sanitization. The mailbox signature feature in FreeScout contains a stored cross-site scripting (XSS) vulnerability. The `He…

XSS Vulnerability Fix in User Creation Controller
github.com · 2026-04-22
This vulnerability involves a failure to sanitize tags in user names during user creation, which may lead to potential security issues. Impact Scope: File: `app/Htt…

Mailbox Hostname Validation Bypass Fix Analysis
github.com · 2026-04-22
This commit fixes a hostname validation vulnerability in mail settings verification. The original code used the `safehost` rule to validate hostnames, but this rule…

FreeScout <1.8.213 Authenticated SSRF Vulnerability and Patch Details
github.com · 2026-04-22
SSRF via IMAP/SMTP Connection Test Endpoints. The FreeScout email system has a Server-Side Request Forgery (SSRF) vulnerability. In the IMAP/SMTP connection test feature, th…

Seeyon OA A8 htmlfileservlet File Upload RCE POC
web.archive.org · 2026-04-22
Seeyon OA A8 htmlfileservlet getshell (POC&EXP). Vulnerability Name: Seeyon OA A8 htmlfileservlet getshell. Vulnerability Type: File Upload Vulnerability. …

Seeyon OA A8 htmlofficeservlet RCE Vulnerability and POC
wiki.96.mk · 2026-04-22
Zhiyuan OA A8 htmlofficeservlet Getshell Vulnerability. This vulnerability exists in the `htmlofficeservlet` component of Zhiyuan OA A8. An attacker can construct specif…

FreeScout linkify() XSS Vulnerability Fix Analysis
github.com · 2026-04-22
In the `freescout-help-desk` project, the `linkify()` function in the file `app/Misc/Helper.php` has an issue of improperly escaped output, which may lead to …