Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

NEMU RISC-V Vector Instruction Decode Mask Error Fix
github.com · 2026-04-21

# Vulnerability Summary: Decoding Mask Error for vsetvli/vsetivli/vsetvl Instructions in NEMU ## Overview In the NEMU emulator, there is an error in the decoding logic for the `vsetvli`, `vsetivli`, a…

NanoMQ HTTP API get_file URL Decoding Heap Buffer Overflow Vulnerability
github.com · 2026-04-21

# NanoMQ HTTP get_file Path Decoding Heap Buffer Overflow Vulnerability (#2247) ## Vulnerability Overview NanoMQ’s HTTP management API has a heap buffer overflow vulnerability when processing `GET /ap…

nanomq URLDecoding Buffer Overflow Fix
github.com · 2026-04-21

# Vulnerability Summary ## Overview In the `rest_api.c` file of the `nanomq` project, a fix has been applied to the URL decoding function `URLDecoding`. This function is used to process URL-encoded pa…

Fix for RISC-V RVV Instruction Decode Logic Error in decode.h
github.com · 2026-04-21

### Vulnerability Overview This vulnerability involves incorrect decoding logic for certain instructions in the file `src/isa/riscv64/instr/rvv/decode.h`. Specifically, in a previous commit, `vopm` wa…

Quarkus REST Service Memory Leak Vulnerability (CVE-2025-1634) Analysis
github.com · 2026-04-21

# Quarkus REST Service Memory Leak Vulnerability Summary ## Vulnerability Overview In Quarkus REST services, when a request fails due to reasons such as timeout, it can lead to memory leaks. Specifica…

Fix: Tool name normalization and conflict detection in media transfer
github.com · 2026-04-21

### Vulnerability Overview This vulnerability involves improper normalization of tool names during the tool media delivery process, leading to potential security risks. Specific manifestations include…

OpenClaw Webchat Local File Path Restriction Bypass Fix
github.com · 2026-04-21

# Vulnerability Summary ## Overview This vulnerability involves improper restriction of the local root directory (`localRoots`) inclusion in the Webchat audio embedding path. An attacker can bypass se…

OpenClaw Webchat Local Root Path Bypass Vulnerability (LFI/UNC)
github.com · 2026-04-21

# Webchat Media Embedding Local Root Path Restriction Bypass Vulnerability ## Vulnerability Overview The Webchat media embedding feature of OpenClaw has a security flaw. Before applying the configured…

Apartment Visitors Management System v1.1 SQL Injection and Stored XSS Vulnerabilities (CVE-2026-39109-39112) Analysis
github.com · 2026-04-21

# Apartment Visitors Management System CVEs Vulnerability Summary ## Vulnerability Overview This repository documents multiple security vulnerabilities discovered in **Apartment Visitors Management Sy…

v20.17.0 Security Advisory: Phar Deserialization, Path Traversal, Upload Bypass
github.com · 2026-04-21

### Vulnerability Overview In version `v20.17.0`, the following security vulnerabilities exist: 1. **Downgraded composer/composer (#5477)** 2. **Phar Deserialization (#5461)** 3. **Customer File Uploa…

OpenMage LTS Phar Deserialization RCE (CVE-2026-25524) Advisory and POC
github.com · 2026-04-21

# Phar Deserialization Leads to Remote Code Execution (RCE) ## Vulnerability Overview OpenMage LTS has a deserialization vulnerability when handling `phar://` stream wrapper paths. An attacker can upl…

Vexa Webhook SSRF Vulnerability Analysis and Reproduction
github.com · 2026-04-21

# SSRF Vulnerability Summary: Vexa Webhook Feature ## Vulnerability Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Affected Component**: Vexa Webhook Feature - **Description…

Vexa Transcription-Collector IDOR Vulnerability and POC
github.com · 2026-04-21

# Vulnerability Summary: Vexa Transcription-Collector IDOR Vulnerability ## Vulnerability Overview The Vexa transcription collector service by default exposes an internal endpoint `GET /internal/trans…

OpenMage LTS Dataflow Path Traversal Vulnerability (CVE-2026-25525) Analysis
github.com · 2026-04-21

# Vulnerability Summary: Dataflow Module Path Traversal Filter Bypass ## Vulnerability Overview The Dataflow module of OpenMage LTS contains a path traversal vulnerability. The module uses `str_replac…

KissFFT kiss_fftr_alloc Integer Overflow Vulnerability and Fix
github.com · 2026-04-21

### Vulnerability Overview In the `kiss_fftr_alloc` function, there is an integer overflow vulnerability. This occurs when calculating `dimReal` and `dimOther`; if the product of `dim` and `ndims` exc…

OpenAEV Platform Unauthorized Access Vulnerability Fix
github.com · 2026-04-21

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves a security issue in the password reset functionality of the OpenAEV platform. When users are not logged in, the system all…

OpenAEV CVE-2025-24467: Account Takeover via Improper Password Reset Token Management
github.com · 2026-04-21

# Vulnerability Summary: Improper Password Reset Token Management in OpenAEV Leads to Account Takeover ## Vulnerability Overview The password reset mechanism in OpenAEV contains critical security flaw…

Apache ActiveMQ CVE-2023-46604 RCE Vulnerability and POC
deepcool.com · 2026-04-21

# Vulnerability Overview This webpage screenshot shows a remote code execution (RCE) vulnerability related to **Apache ActiveMQ**. * **Vulnerability Name**: Apache ActiveMQ RCE * **CVE ID**: CVE-2023-…

Copilot-api v0.7.0 Wildcard CORS + Unauthenticated Token Endpoint Chained Attack
github.com · 2026-04-21

# Vulnerability Summary: Cross-Origin Token Theft via Wildcard CORS + Unauthenticated Token Endpoint ## Vulnerability Overview This is a chained attack that exploits two independent security weaknesse…

CVE-2024-40098: OpenMage Magento Cross-User Wishlist IDOR and File Disclosure
github.com · 2026-04-21

# Vulnerability Summary: OpenMage/magento-lts Cross-User Wishlist Import Vulnerability ## Vulnerability Overview **CVE-2024-40098** **Severity: Moderate** **Affected Versions: load($itemId); $wishlist…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
