Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Freescout CVE-2024-40565 Stored XSS and CSS Injection via linkify()
github.com · 2026-04-22

# Vulnerability Overview **Title**: Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href **CVE ID**: CVE-2024-40565 **Severity**: Moderate (6.1 / 10) **Affected Versions**: a` 3. Wh…

CVE-2026-37748: Visitor Management System 1.0 Unrestricted File Upload RCE
github.com · 2026-04-22

# CVE-2026-37748 Vulnerability Summary ## Overview * **Vulnerability Name**: Visitor Management System 1.0 Unrestricted File Upload Leads to Remote Code Execution (RCE) * **CVE ID**: CVE-2026-37748 * …

Perl Storable Module CVE-2015-1592 Vulnerability Summary and POC
metacpan.org · 2026-04-22

# Vulnerability Summary: Storable Module CVE-2015-1592 ## Overview The Storable module contains a security vulnerability when detecting the third constructed metaobject vector, causing bless objects t…

Perl Storable Module Stack Overflow Leading to RCE Analysis
github.com · 2026-04-22

# Summary of Remote Code Execution Vulnerability in Perl Storable Module ## Overview The `Storable` module in Perl contains a serious security vulnerability that allows an attacker to trigger a stack …

Python asyncio AbstractEventLoop.sock_recvfrom_into buffer length check missing vulnerability
github.com · 2026-04-22

# Vulnerability Summary ## Overview - **Vulnerability Title**: `asyncio.AbstractEventLoop.sock_recvfrom_into()` on Windows doesn't check buffer length #148808 - **Vulnerability Type**: Missing buffer …

FreeScout SystemController Authentication Bypass and Info Disclosure (CVE-2024-40498)
github.com · 2026-04-22

# Vulnerability Summary: Authentication Bypass and Information Disclosure in SystemController ## Vulnerability Overview **Vulnerability Title**: Authentication Bypass and Information Disclosure in Sys…

FreeScout getWebCronHash Hash Prediction Vulnerability and Fix
github.com · 2026-04-22

# Vulnerability Summary ## Vulnerability Overview In the `freescout-help-desk` project, the `getWebCronHash()` function in `SystemController.php` contains a security vulnerability. This function is us…

Bouncy Castle JcaContentVerifierProviderBuilder Empty Signature Bypass Fix
github.com · 2026-04-22

# Vulnerability Summary ## Vulnerability Overview This submission fixes a logic flaw in the `JcaContentVerifierProviderBuilder` class of the Bouncy Castle library. When verifying a digital signature, …

CVE-2026-5598: Bouncy Castle FrodoKEM Non-constant Time Comparison Leads to Private Key Leakage
github.com · 2026-04-22

# CVE-2026-5598 Vulnerability Summary ## Overview - **Title**: Non-constant time comparisons risk private key leakage in FrodoKEM. - **Description**: In the `tverify()` function of FrodoKEM, there is …

BouncyCastle FrodoKEM Side-Channel Vulnerability Fix Analysis
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves the sampling algorithm in the files `FrodoEngine.java` and `Noise.java`. The specific issue is that the sampling process is not constant-time, wh…

XiangShan NewCSR Shadow Write Vulnerability Fix
github.com · 2026-04-21

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: CSR (Configurable State Register) shadow write issue - **Problem Description**: In custom PMA (Physical Memory Attribute) CS…

Fortra GoAnywhere MFT Remote Code Execution Vulnerability with POC
fortra.com · 2026-04-21

## Vulnerability Overview Fortra GoAnywhere MFT has a remote code execution vulnerability. An attacker can exploit this vulnerability by sending specially crafted HTTP requests to the affected product…

Fortra GoAnywhere MFT RCE Vulnerability with POC
fortra.com · 2026-04-21

## Vulnerability Overview Fortra GoAnywhere MFT has a remote code execution vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request to the affected application…

Fortra GoAnywhere MFT Deserialization RCE Vulnerability
www.fortra.com · 2026-04-21

## Vulnerability Overview Fortra GoAnywhere MFT contains a remote code execution vulnerability caused by an insecure deserialization issue in the `getTask` method of the `TaskServiceImpl` class within…

Fortra GoAnywhere MFT Multiple RCE Vulnerabilities and XZ Backdoor (CVE-2024-3094)
fortra.com · 2026-04-21

## Vulnerability Overview Fortra GoAnywhere MFT has multiple security vulnerabilities, including: - **CVE-2024-3094**: Backdoor vulnerability in the XZ Utils compression library, affecting GoAnywhere …

Fortra GoAnywhere MFT RCE via Malicious SFTP Request with POC
fortra.com · 2026-04-21

## Vulnerability Overview Fortra GoAnywhere MFT has a remote code execution vulnerability. An attacker can craft a malicious SFTP request to exploit this vulnerability and execute arbitrary commands o…

Mozilla Firefox 150 Security Advisory: Multiple CVEs (UAF, Privilege Escalation, Info Leak)
www.mozilla.org · 2026-04-21

# Mozilla Security Advisory 2026-30 ## Vulnerability Overview The Mozilla Foundation has released a security advisory indicating that multiple security vulnerabilities have been fixed in Firefox 150. …

Mozilla Firefox ESR 140.10 Security Advisory: Multiple CVEs (UAF, Privilege Escalation, Info Leak)
www.mozilla.org · 2026-04-21

# Mozilla Security Advisory 2026-32 Summary ## Vulnerability Overview The Mozilla Foundation has released a security advisory addressing multiple security vulnerabilities in Firefox ESR 140.10. The ad…

Mozilla Firefox ESR 115.35 Security Advisory: UAF, Info Leak, Privilege Escalation (CVE-2026-6746, 6749, 6750)
www.mozilla.org · 2026-04-21

# Mozilla Foundation Security Advisory 2026-31 ## Vulnerability Overview The Mozilla Foundation has released a security advisory addressing multiple security vulnerabilities fixed in Firefox ESR 115.3…

FreePBX API Key Generation Logic Flaw Analysis
github.com · 2026-04-21

### Vulnerability Overview The webpage screenshot shows a file named `Api.class.php`, which contains a potential vulnerability. The issue primarily involves the generation and management of API keys, …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.