Security Intel Hub 23513+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

FreeScout getWebCronHash Hash Prediction Vulnerability and Fix
github.com · 2026-04-22

# Vulnerability Summary ## Vulnerability Overview In the `freescout-help-desk` project, the `getWebCronHash()` function in `SystemController.php` contains a security vulnerability. This function is us…

Bouncy Castle JcaContentVerifierProviderBuilder Empty Signature Bypass Fix
github.com · 2026-04-22

# Vulnerability Summary ## Vulnerability Overview This submission fixes a logic flaw in the `JcaContentVerifierProviderBuilder` class of the Bouncy Castle library. When verifying a digital signature, …

CVE-2026-5598: Bouncy Castle FrodoKEM Non-constant Time Comparison Leads to Private Key Leakage
github.com · 2026-04-22

# CVE-2026-5598 Vulnerability Summary ## Overview - **Title**: Non-constant time comparisons risk private key leakage in FrodoKEM. - **Description**: In the `tverify()` function of FrodoKEM, there is …

BouncyCastle FrodoKEM Side-Channel Vulnerability Fix Analysis
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves the sampling algorithm in the files `FrodoEngine.java` and `Noise.java`. The specific issue is that the sampling process is not constant-time, wh…

XiangShan NewCSR Shadow Write Vulnerability Fix
github.com · 2026-04-21

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: CSR (Configurable State Register) shadow write issue - **Problem Description**: In custom PMA (Physical Memory Attribute) CS…

Fortra GoAnywhere MFT Remote Code Execution Vulnerability with POC
fortra.com · 2026-04-21

## Vulnerability Overview Fortra GoAnywhere MFT has a remote code execution vulnerability. An attacker can exploit this vulnerability by sending specially crafted HTTP requests to the affected product…

Fortra GoAnywhere MFT RCE Vulnerability with POC
fortra.com · 2026-04-21

## Vulnerability Overview Fortra GoAnywhere MFT has a remote code execution vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request to the affected application…

Fortra GoAnywhere MFT Deserialization RCE Vulnerability
www.fortra.com · 2026-04-21

## Vulnerability Overview Fortra GoAnywhere MFT contains a remote code execution vulnerability caused by an insecure deserialization issue in the `getTask` method of the `TaskServiceImpl` class within…

Fortra GoAnywhere MFT Multiple RCE Vulnerabilities and XZ Backdoor (CVE-2024-3094)
fortra.com · 2026-04-21

## Vulnerability Overview Fortra GoAnywhere MFT has multiple security vulnerabilities, including: - **CVE-2024-3094**: Backdoor vulnerability in the XZ Utils compression library, affecting GoAnywhere …

Fortra GoAnywhere MFT RCE via Malicious SFTP Request with POC
fortra.com · 2026-04-21

## Vulnerability Overview Fortra GoAnywhere MFT has a remote code execution vulnerability. An attacker can craft a malicious SFTP request to exploit this vulnerability and execute arbitrary commands o…

Mozilla Firefox 150 Security Advisory: Multiple CVEs (UAF, Privilege Escalation, Info Leak)
www.mozilla.org · 2026-04-21

# Mozilla Security Advisory 2026-30 ## Vulnerability Overview The Mozilla Foundation has released a security advisory indicating that multiple security vulnerabilities have been fixed in Firefox 150. …

Mozilla Firefox ESR 140.10 Security Advisory: Multiple CVEs (UAF, Privilege Escalation, Info Leak)
www.mozilla.org · 2026-04-21

# Mozilla Security Advisory 2026-32 Summary ## Vulnerability Overview The Mozilla Foundation has released a security advisory addressing multiple security vulnerabilities in Firefox ESR 140.10. The ad…

Mozilla Firefox ESR 115.35 Security Advisory: UAF, Info Leak, Privilege Escalation (CVE-2026-6746, 6749, 6750)
www.mozilla.org · 2026-04-21

# Mozilla Foundation Security Advisory 2026-31 ## Vulnerability Overview The Mozilla Foundation has released a security advisory addressing multiple security vulnerabilities fixed in Firefox ESR 115.3…

FreePBX API Key Generation Logic Flaw Analysis
github.com · 2026-04-21

### Vulnerability Overview The webpage screenshot shows a file named `Api.class.php`, which contains a potential vulnerability. The issue primarily involves the generation and management of API keys, …

FREEI-2866: Command Injection in GraphQL Module via Unescaped Shell Args
github.com · 2026-04-21

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: FREEI-2866 - **Vulnerability Type**: Command Injection - **Vulnerability Description**: In the `moduleOperations` of the Graph…

Erlang/OTP SSH chroot Path Traversal Vulnerability (CVE-2026-32147)
github.com · 2026-04-21

# Vulnerability Overview **Vulnerability Name**: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in SFTP chroot **CVE ID**: CVE-2026-32147 **CVSS Score**: 5.3 / 10 (Mode…

Erlang SSH SFTP Root Directory Escape Vulnerability Fix Analysis
github.com · 2026-04-21

# Vulnerability Summary ## Overview - **Vulnerability Name**: SSH_FXP_FSETSTAT Root Directory Escape Vulnerability - **Description**: In the `ssh_xfpp.erl` file, the function `ssh_xfpp_fsetstat/4` con…

CVE-2026-32147: Erlang OTP ssh_sftpd SFTP chroot bypass vulnerability
cna.erlef.org · 2026-04-21

# CVE-2026-32147: SFTP chroot Bypass Vulnerability ## Vulnerability Overview A path traversal vulnerability (CWE-22) exists in the `ssh_sftpd` module of Erlang OTP. When an SFTP client uses the `SSH_F…

Erlang OTP SSH SFTP Path Traversal Vulnerability (CVE-2026-32147) Advisory
osv.dev · 2026-04-21

### Vulnerability Overview - **Vulnerability ID**: EEF-CVE-2026-32147 - **Vulnerability Type**: Path Traversal - **Description**: A vulnerability exists in the SSH SFTP module (`ssh_sftp`) of Erlang O…

Freescout <1.8.213 CSS Injection via Mailbox Signature Leads to CSRF Token Leakage (CVE-2026-40497)
github.com · 2026-04-21

# Vulnerability Summary: CSS Injection in Mailbox Signature (CSRF Token Leak) ## Vulnerability Overview * **Vulnerability Type**: CSS Injection / Cross-Site Scripting (XSS) * **CVE ID**: CVE-2026-4049…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.