
Security Intel Hub

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

RSASSA EMSA-PKCS1-v1_5 underflow in emsa_pkcs1_v1_5_encode() · Advisory · OP-TEE/optee_os · GitHub
github.com · 2026-04-25

# RSASSA EMSA-PKCS1-v1_5 Underflow Vulnerability Summary ## Vulnerability Overview In the `emsa_pkcs1_v1_5_encode()` function, there is an integer underflow risk when calculating the padding field "PS…

HTTP adapter streamed responses bypass maxContentLength · Advisory · axios/axios · GitHub
github.com · 2026-04-25

# HTTP adapter streamed responses bypass maxContentLength ## Vulnerability Overview When Axios uses `responseType: 'stream'`, the returned response stream does not enforce the `maxContentLength` confi…

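The streaming case above is the one a post-hoc size check cannot cover: a consumer that reads `responseType: 'stream'` never holds the whole body, so a ceiling that is only compared against a buffered length is never reached. The following is an added example, not axios code, of a per-chunk budget that trips on the first chunk crossing the limit and a Transform wrapper that tears the stream down at that point; the names `ByteBudget`, `maxContentLengthGuard` and `simulate` are illustrative, and the guard lazily requires `node:stream` so the pure counter can be exercised without it.

```javascript
// Added example; not axios code. Enforce a response-size ceiling on a streamed
// body by checking every chunk, not the buffered total.

// Pure counter so the rule can be exercised without wiring up streams.
// accept() returns true while the running total stays within maxBytes; the
// first chunk that would exceed it returns false and the budget stays tripped,
// so a consumer cannot keep draining after the limit was crossed.
class ByteBudget {
  constructor(maxBytes) {
    if (!Number.isInteger(maxBytes) || maxBytes < 0) {
      throw new TypeError('maxBytes must be a non-negative integer');
    }
    this.maxBytes = maxBytes;
    this.seen = 0;
    this.exceeded = false;
  }
  accept(chunk) {
    if (this.exceeded) return false;
    this.seen += chunk.length;
    if (this.seen > this.maxBytes) {
      this.exceeded = true;
      return false;
    }
    return true;
  }
}

// Transform that applies the budget to a live stream (pipe the HTTP response
// through it). Once the ceiling is crossed the callback receives an error, so
// the pipeline is destroyed, the socket is released and the consumer sees a
// failure rather than a silently truncated body. Requiring lazily keeps the
// counter usable in environments where `require` is unavailable.
function maxContentLengthGuard(maxBytes) {
  const { Transform } = require('node:stream');
  const budget = new ByteBudget(maxBytes);
  return new Transform({
    transform(chunk, _encoding, callback) {
      if (budget.accept(chunk)) return callback(null, chunk);
      callback(new RangeError(`maxContentLength of ${maxBytes} bytes exceeded`));
    },
  });
}

// Feed constructed chunk sizes through the counter and report where it trips.
function simulate(chunkSizes, maxBytes) {
  const budget = new ByteBudget(maxBytes);
  let accepted = 0;
  for (const size of chunkSizes) {
    if (!budget.accept(Buffer.alloc(size))) break;
    accepted += size;
  }
  return { acceptedBytes: accepted, exceeded: budget.exceeded };
}
```

Usage: `response.pipe(maxContentLengthGuard(10_000_000))` and handle `'error'` on the guard; `simulate([4000, 4000, 4000], 10000)` shows the third chunk tripping the budget after 8000 accepted bytes.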
no_proxy bypass via IP alias allows SSRF · Advisory · axios/axios · GitHub
github.com · 2026-04-25

# axios Security Vulnerability Summary ## Vulnerability Overview **Title**: no_proxy bypass via IP alias allows SSRF **CVE ID**: CVE-2026-42538 **Severity**: Moderate (CVSS v3 base metrics: 6.8 / 10) …

Integer Overflow in BitStreamReader on 32-bit platforms · Advisory · ndsev/zserio · GitHub
github.com · 2026-04-25

# Integer Overflow in BitStreamReader on 32-bit platforms ## Vulnerability Overview On 32-bit platforms, the `readBytes()` / `readString()` methods in `BitStreamReader.h` contain an integer overflow v…

Unbounded Memory Allocation in Deserialization · Advisory · ndsev/zserio · GitHub
github.com · 2026-04-25

# Unbounded Memory Allocation in Deserialization (CVE-2026-3524) ## Vulnerability Overview * **Vulnerability Name**: Unbounded Memory Allocation in Deserialization * **CVE ID**: CVE-202…

fix: improve the internal `setSafeProperty` to not allow setting prop… · josdejong/mathjs@513ab2a · GitHub
github.com · 2026-04-25

# math.js Security Vulnerability Fix Summary ## Vulnerability Overview A security vulnerability exists in the math.js library (josdejong/mathjs) that allows an attacker to bypass restrictions of the internal `setSafePro…

Validate callback-returned lengths in PSK and cookie trampolines (#2607) · rust-openssl/rust-openssl@1d10902 · GitHub
github.com · 2026-04-25

### Vulnerability Overview This vulnerability involves the length value returned in PSK (pre-shared key) and cookie generation callbacks not being validated against the original buffer length. This ma…

Prototype Pollution Gadgets in axios: Response Tampering, Data Exfiltration, and Request Hijacking · Advisory · axios/ax
github.com · 2026-04-25

# Axios Prototype Pollution Vulnerability Summary ## Vulnerability Overview The Axios library has a prototype pollution vulnerability. An attacker can exploit a shared dependency to pollute `Object.pr…

Header Injection via Prototype Pollution · Advisory · axios/axios · GitHub
github.com · 2026-04-25

### Vulnerability Overview **Title**: Header Injection via Prototype Pollution **CVE ID**: CVE-2024-2035 **CVSS v3 base metrics**: 7.4 / 10 (High) **Severity**: High **Description**: A prototype pollu…

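The two prototype pollution entries above share one gadget: a header-building loop that walks inherited properties, so a property planted on `Object.prototype` by an unrelated bug becomes a request header the caller never set. The following is an added example, not axios code, that plants such a property, builds headers with a `for...in` loop and with an own-properties-only loop into a null-prototype object, and restores the prototype afterwards; the function names are illustrative.

```javascript
// Added example; not axios code. A polluted Object.prototype becomes an
// injected header whenever the header loop walks inherited properties.

// Vulnerable pattern: for...in enumerates the prototype chain, so an
// enumerable property on Object.prototype is copied as if the caller set it.
function buildHeadersUnsafe(userHeaders) {
  const out = {};
  for (const name in userHeaders) {
    out[name.toLowerCase()] = String(userHeaders[name]);
  }
  return out;
}

// Hardened pattern: Object.keys yields own enumerable properties only, and the
// result is a null-prototype object so later `headers[name]` lookups cannot
// fall through to Object.prototype either.
function buildHeadersSafe(userHeaders) {
  const out = Object.create(null);
  for (const name of Object.keys(userHeaders)) {
    out[name.toLowerCase()] = String(userHeaders[name]);
  }
  return out;
}

// Simulate the pollution a gadget chain would achieve, build headers both
// ways, then restore the prototype so nothing leaks past this function.
function demonstrate() {
  const planted = 'X-Injected'; // constructed attacker-chosen header name
  Object.defineProperty(Object.prototype, planted, {
    value: 'attacker-controlled',
    enumerable: true,
    configurable: true,
    writable: true,
  });
  try {
    const input = { 'Content-Type': 'application/json' };
    return {
      unsafe: buildHeadersUnsafe(input),
      safe: buildHeadersSafe(input),
      // a bare lookup on any plain object also sees the planted value
      lookupOnPlainObject: ({})[planted],
      lookupOnNullProto: Object.create(null)[planted],
    };
  } finally {
    delete Object.prototype[planted];
  }
}
```

The second half of the fix matters as much as the first: copying only own properties stops the loop, but a later `headers['X-Injected']` read on a plain object still resolves through the prototype, which is why the hardened builder returns `Object.create(null)`.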
Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams · Advisory · axios/axios · GitHub
github.com · 2026-04-25

# Vulnerability Summary: Null Byte Injection in AxiosURLSearchParams ## Overview **Vulnerability Name**: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams **Severity**: Low (CVSS 3.7) *…

XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass · Advis
github.com · 2026-04-25

# XSS Vulnerability Summary: `</script>` Tag Bypass in Astro `define:vars` ## Vulnerability Overview In Astro's Server-Side Rendering (SSR) pipeline, the `defineScriptVars` function uses a **case-sensitive** r…

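The entry above describes the general failure of sanitising serialised data by rewriting one exact spelling of `</script>`: the HTML tokenizer ends script content at `</script` followed by whitespace, `/` or `>`, matched case-insensitively, so `</SCRIPT>`, `</script >` and `</script/>` all break out. The following is an added example, not Astro's code, that contrasts that naive replacement with escaping every tag-opening character as a JSON `\uXXXX` sequence; `closesScriptElement` is an assumed approximation of the tokenizer rule used only for the demonstration, and the payloads are constructed.

```javascript
// Added example; not Astro's code. Why an exact, case-sensitive "</script>"
// replacement fails when data is serialised into an inline <script> block,
// and the escaping that closes the gap.

// Approximation of the tokenizer rule: script content ends at "</script"
// followed by whitespace, "/" or ">", case-insensitively. Assumed for the demo.
function closesScriptElement(text) {
  return /<\/script[\s\/>]/i.test(text);
}

// Vulnerable pattern: rewrite only the literal lowercase "</script>".
function serializeNaive(value) {
  return JSON.stringify(value).replace(/<\/script>/g, '<\\/script>');
}

// Hardened pattern: encode every character that can open an HTML tag, plus
// the JS line terminators, as JSON \uXXXX escapes. The string still parses
// back to the original, but the bytes "</" can never appear in the output.
function serializeSafe(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Constructed attacker-controlled values; each one slips past the naive filter.
const PAYLOADS = [
  '</SCRIPT><img src=x onerror=alert(1)>',   // case variation
  '</script ><img src=x onerror=alert(1)>',  // whitespace before ">"
  '</script/><img src=x onerror=alert(1)>',  // "/" after the tag name
];

// For each payload: does the serialised body still terminate the script
// element, and does the safe form round-trip through JSON.parse unchanged?
function evaluateFilters() {
  return PAYLOADS.map((payload) => {
    const value = { payload };
    return {
      payload,
      naiveBreaksOut: closesScriptElement(serializeNaive(value)),
      safeBreaksOut: closesScriptElement(serializeSafe(value)),
      roundTrips: JSON.parse(serializeSafe(value)).payload === payload,
    };
  });
}
```

The safe form is what a template would emit as `const vars = ${serializeSafe(data)};`; because `<`, `>` and `&` never appear literally, the same output is also safe inside other HTML contexts that a `define:vars` style helper might be reused for.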
Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 · Advisory · python-poetry/poetry · GitH
github.com · 2026-04-25

### Vulnerability Overview - **Vulnerability Name**: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 - **CVE ID**: CVE-2024-1140 - **CWE ID**: CWE-22 - **Description**:…

Release openssl-v0.10.78 · rust-openssl/rust-openssl · GitHub
github.com · 2026-04-25

# rust-openssl Release Summary ## Release Overview - **Version**: openssl-v0.10.78 - **Release Date**: 5 days ago - **Main Fixes**: - Fixed a Suite B flag assignment bug in `verify.rs`. - F…

SSRF via redirect following in Cloudflare image-binding-transform endpoint (incomplete fix for GHSA-qpr4) · Advisory · w
github.com · 2026-04-25

# SSRF via redirect following in Cloudflare image-binding-transform endpoint (incomplete fix for GHSA-qpr4) ## Vulnerability Overview At line 28 of the file `packages/integrations/cloudflare/src/utils…

Cache Poisoning in @astrojs/node due to malformed If-Match header handling
github.com · 2026-04-25

# Vulnerability Overview **Vulnerability Name**: Cache Poisoning due to incorrect error handling when If-Match header is malformed **Vulnerability Type**: Cache Poisoning **Severity**: Moderate **Desc…

Vim CVE-2017-6281 Command Injection via Tag File Backticks
github.com · 2026-04-25

### Vulnerability Overview - **CVE ID**: CVE-2017-6281 - **Vulnerability Type**: Command Injection - **Trigger Condition**: When a tag file contains backticks (`), Vim attempts to execute the commands…

OpenPrinting CUPS SNMP Buffer Overflow Vulnerability Fix Analysis
github.com · 2026-04-25

# Vulnerability Summary ## Overview A buffer overflow vulnerability exists in the OpenPrinting/cups project. During SNMP string processing, the `num_bytes` field is not properly bounded, which may lea…

CUPS SNMP Buffer Overflow Vulnerability Fix Analysis
github.com · 2026-04-25

# Vulnerability Summary ## Overview A buffer overflow vulnerability exists in the SNMP implementation of CUPS (Common UNIX Printing System). The issue occurs when processing SNMP string values, where …

CVE-2024-41079: CUPS SNMP Heap Out-of-Bounds Read Vulnerability and PoC
github.com · 2026-04-25

# Vulnerability Summary: CUPS SNMP Heap Out-of-Bounds Read Leaks Memory ## Vulnerability Overview * **Vulnerability Name**: Heap out-of-bounds read in SNMP supply-level polling * **CVE ID**: CVE-2024-…

lxml iterparse() Default XXE Vulnerability (CVE-2024-41096)
github.com · 2026-04-25

# Vulnerability Overview - **Vulnerability Title**: Default configuration of `iterparse()` and `ETCompatXMLParser()` allows XXE access to local files - **CVE ID**: CVE-2024-41096 - **CVSS Score**: 7.5…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
