Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

OpenXiangShan Processor M-mode Illegal Instruction Exception Handling Defect
github.com · 2026-04-21

# Vulnerability Summary ## Overview The OpenXiangShan processor fails to correctly handle specific sequences of illegal instructions in M-mode. When an illegal instruction exception is triggered, the …

Spinnaker clouddriver gitrepo RCE Vulnerability Summary (CVE-2026-32604)
github.com · 2026-04-21

# Vulnerability Summary ## Overview - **Vulnerability Name**: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths - **Vulnerability Type**: Remote Code…

Xiangshan Processor xstatus WPRI Field Violation via menvcfg Access
github.com · 2026-04-21

# Vulnerability Summary: Unexpected Modification of WPRI Field in xstatus in Xiangshan ## Vulnerability Overview In the Xiangshan processor, when performing specially crafted read or write operations …

Fix for RISC-V Mstatus SDT bit logic defect in MstatusModule
github.com · 2026-04-21

### Vulnerability Overview - **Vulnerability Name**: `fix(dbtpr): fix sdt/dte interaction logic` - **Description**: This vulnerability involves an issue with the interaction logic between `memcfg.DTE`…

Fix CSR_SIP/SIE read/write logic error in RISC-V V mode (OpenXiangShan/NEMU)
github.com · 2026-04-21

### Vulnerability Overview - **Vulnerability Title**: `fix(csr): fix set/get sip/sie in V mode #938` - **Vulnerability Description**: This vulnerability involves incorrect `set` and `get` operations o…

NEMU mstateen0 Access Control Bypass for stopei/stvip Registers
github.com · 2026-04-21

# IMSIC Does Not Control Access in mstateen0 (#691) ## Vulnerability Overview In NEMU, when the `IMSIC` bit of `mstatus` is set to 1, `mstateen0` fails to properly control access to the `stopei` and `…

RISC-V Smstateen/Ssstateen Extension Covert Channel Defense Mechanism
docs.riscv.org · 2026-04-21

# RISC-V "Smstateen/Ssstateen" Extension Security Mechanism Summary ## Vulnerability Overview This document describes the state enablement extensions (Smstateen/Ssstateen) designed in the RISC-V archi…

NEMU mstateen0 ENVCFG Access Control Bypass in henvcfg/senvcfg
github.com · 2026-04-21

# Vulnerability Summary: ENVCFG Access Not Controlled in mstateen0 ## Vulnerability Overview In the NEMU emulator, when the `ENVCFG` bit of the `mstateen0` register is cleared, access to the `henvcfg`…

CVE-2025-34403: Cross-Site WebSocket Hijacking (CSWSH) Leading to RCE
github.com · 2026-04-21

# Vulnerability Summary: Cross-Site WebSocket Hijacking (CSWSH) ## Vulnerability Overview * **Vulnerability Name**: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocke…

CVE-2026-33031: nginx-ui Disabled Users Retain API Access via JWT Tokens
github.com · 2026-04-21

# Vulnerability Summary: Disabled Users Retain Full API Access Through Previously Issued Bearer Tokens ## Vulnerability Overview - **Title**: Disabled users retain full API access through previously i…

rox-wi auth.py authentication and authorization code analysis
github.com · 2026-04-21

### Vulnerability Overview The webpage screenshot shows the `auth.py` file from a project named `rox-wi`, which contains multiple functions related to authentication and permission management. These f…

Roxy-WI Pre-Auth LDAP Injection Authentication Bypass (CVE-2026-3342)
github.com · 2026-04-21

# Vulnerability Summary: Pre-Authentication LDAP Injection Leads to Authentication Bypass ## Vulnerability Overview When LDAP authentication is enabled in Roxy-WI, the system constructs the LDAP searc…

InternLM lmdeploy SSRF and Code Execution Vulnerability Fix Guide
github.com · 2026-04-21

# Vulnerability Summary ## Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Description**: The `eval` function is used in PyTorch configuration parsing, posing a security risk…

lmdeploy SSRF Vulnerability Fix and is_safe_url Implementation
github.com · 2026-04-21

# Vulnerability Summary ## Vulnerability Overview This submission fixes security vulnerabilities in the `InternLM/lmdeploy` project, mainly involving **missing URL safety validation** and **improper …

LMdeploy VL Module SSRF Vulnerability and Fix
github.com · 2026-04-21

# Vulnerability Summary: SSRF Vulnerability in LMdeploy Visual Language Model ## Overview In the visual language module of LMdeploy, the `load_image()` function contains a Server-Side Request Forgery …

Roxy-WI Path Traversal Vulnerability (CVE-2025-33431) and Exploitation Chain
github.com · 2026-04-21

# Vulnerability Summary: Path Traversal Vulnerability in Roxy-WI Configuration Version Viewer ## Vulnerability Overview The `/config/show` API endpoint of Roxy-WI has an **authentication bypass arbitr…

Apache ActiveMQ CVE-2023-46604 RCE Vulnerability Analysis and POC
www.wordfence.com · 2026-04-21

# Vulnerability Summary ## Overview **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) **Vulnerability Type**: Remote Code Execution (RCE) **Description**: Ap…

Flowinsight CVE-2025-32311 Command Injection Leading to Docker Container Escape
github.com · 2026-04-21

# Summary of Command Injection and Docker Container Escape Vulnerabilities ## Vulnerability Overview **Title**: Command Injection and Docker container escape allows root on host machine **Published by…

NEMU/XiangShan henvcfg/menvcfg CSR Register Dependency Mismatch Vulnerability
github.com · 2026-04-21

# Vulnerability Summary ## Vulnerability Overview In the NEMU and XiangShan simulators, there is an inconsistency in the dependency relationship between the `henvcfg` and `menvcfg` CSR registers. * **…

NanoMQ CVE-2025-32135 Heap Buffer Overflow in URI Parameter Parsing
github.com · 2026-04-21

# Vulnerability Summary: Heap Buffer Overflow in NanoMQ URI Parameter Parsing ## Overview A remotely triggered heap buffer overflow vulnerability exists in the `uri_param_parse` function within NanoMQ…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.