Security Intel Hub 4971+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

python-dotenv CVE-2026-28684 Symlink Following Arbitrary File Overwrite via set_key
github.com · 2026-04-21

# python-dotenv Symbolic Link Following Vulnerability Summary ## Vulnerability Overview **Vulnerability Name**: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fal…

CVE-2025-66954 Buffalo LinkStation IDOR Username Enumeration Vulnerability
github.com · 2026-04-21

# CVE-2025-66954 – Buffalo LinkStation Username Enumeration Vulnerability (IDOR) ## Vulnerability Overview Buffalo LinkStation firmware version 1.85-0.01 contains a vulnerability that allows unauthori…

python-dotenv symlink handling inconsistency vulnerability
github.com · 2026-04-21

### Vulnerability Overview - **Vulnerability Name**: Symbolic Link Handling Issue in `python-dotenv` Library - **Vulnerability Description**: In the `python-dotenv` library, the functions `dotenv.set_…

Yonyou GRP-U8 SQL Injection Vulnerability (CNVD-2021-49104) with POC
deepcreative.com · 2026-04-21

# Vulnerability Summary ## Overview **Vulnerability Name**: Yonyou GRP-U8 Administrative Institution Financial Management Software SQL Injection Vulnerability **Vulnerability ID**: CNVD-2021-49104 **V…

Doorman CVE-2026-30269 Privilege Escalation via Improper Access Control
blog.orxiain.life · 2026-04-21

# CVE-2026-30269 Vulnerability Summary ## Overview **CVE-2026-30269**: Doorman has improper access control, allowing privilege escalation. * **Vulnerability Type**: Improper Access Control * **Impact*…

Path Traversal Vulnerability Fix in LocalFolderExtractor
github.com · 2026-04-21

# Vulnerability Summary ## Vulnerability Overview In the `LocalFolderExtractor` class, there is a path traversal vulnerability during file extraction. An attacker can craft malicious paths to cause fi…

Z-BlogPHP Arbitrary File Upload to RCE via App::unpack()
github.com · 2026-04-21

# Z-BlogPHP Theme and Plugin Arbitrary File Upload Vulnerability – Remote Code Execution (RCE) ## Vulnerability Overview The `App::unpack()` method in Z-BlogPHP only performs base64 decoding on the fi…

pip ZIP Parser Confusion Vulnerability (CVE-2026-3219) and Fix
github.com · 2026-04-21

# Vulnerability Summary ## Overview pip has a ZIP parser confusion attack vulnerability (CVE-2026-3219). This vulnerability stems from flawed logic in pip’s file type determination when extracting arc…

Unauthenticated RCE via PHP Code Injection in install process with patch details
github.com · 2026-04-21

### Vulnerability Overview - **Vulnerability Type**: Unauthenticated Remote Code Execution - **Root Cause**: PHP Code Injection - **Trigger Scenario**: During installation, via the `env.php` file - **…

OpenProject Cross-Project Agenda Injection Vulnerability (GHSA-hh5p-gwfh-h245)
github.com · 2026-04-21

# OpenProject Cross-Project Meeting Agenda Injection Vulnerability (GHSA-hh5p-gwfh-h245) ## Vulnerability Overview OpenProject has an **Unscoped Section Lookup** vulnerability. An attacker with the `m…

GitLab 2FA Brute Force (CVE-2020-3367) and Privilege Escalation Vulnerabilities
github.com · 2026-04-21

### Vulnerability Overview 1. **CVE-2020-3367 - 2FA OTP Verification Missing Rate Limiting** - **Description**: The 2FA OTP verification (`confirm_otp` operation) lacks rate limiting, locking mechanis…

Privilege Escalation via role_id Injection: Vulnerability Analysis and Fix
github.com · 2026-04-21

# Vulnerability Summary ## Overview - **Vulnerability Type**: Privilege Escalation - **Root Cause**: Injection vulnerability via `role_id` - **Reporter**: @ExKamy (member of Delta Obscura) - **Fix Com…

Fix for RCE via Malicious File Upload in Media.php
github.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: Remote Code Execution (RCE) via Malicious File Upload - **Reporter**: @x4amy Hamed Kohi of Delta Obscura - **Description**: This vulnerability allo…

Vvveb 1.0.8.1 Vulnerabilities: Unauth RCE, SSRF, Privilege Escalation
github.com · 2026-04-20

### Vulnerability Overview In Vvveb version 1.0.8.1, multiple security vulnerabilities have been discovered, mainly including: 1. **Unauthenticated Remote Code Execution Vulnerability**: Occurs via PH…

Vvveb 1.0.8 File Upload to Stored XSS and RCE via Admin Account Creation
delta.cyberm.ca · 2026-04-20

# Vvveb 1.0.8 XSS Leading to Admin Backdoor Account Creation Vulnerability Summary ## Vulnerability Overview This vulnerability exists in Vvveb version 1.0.8. Users with `media/media/upload` and `medi…

SSRF Vulnerability Fix Analysis: validateUrl Function Implementation Details
github.com · 2026-04-20

# Vulnerability Summary ## Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Description**: Through the `EmbedProxy` feature, an attacker can craft malicious requests, causing …

Progress Kemp LoadMaster Multiple High-Severity Vulnerabilities (CVE-2026-3517/3518/3519/4048/21876) and Patch Guide
community.progress.com · 2026-04-20

### Vulnerability Overview Progress Kemp LoadMaster has confirmed a series of high-severity vulnerabilities, including: - **CVE-2026-3517**: Command injection remote code execution vulnerability - **C…

CVE-2026-33558: Apache Kafka Information Disclosure Vulnerability
lists.apache.org · 2026-04-20

# CVE-2026-33558: Apache Kafka Information Disclosure Vulnerability ## Vulnerability Overview The `NetworkClient` component of Apache Kafka outputs complete request and response information to the log…

X.org Xserver & Xwayland Security Advisory: UAF and Overflow CVEs
lists.x.org · 2026-04-20

# X.org Security Advisory: Multiple Security Issues ## Vulnerability Overview Multiple security issues have been identified in the X.org server and Xwayland implementations, involving the following th…

Path Traversal in p2r/convert buildCache.js (CVE-22)
github.com · 2026-04-20

# Vulnerability Summary ## Overview - **Vulnerability Type**: Path Traversal - **CVE ID**: CVE-22 - **Severity**: High (CVSS v3.1: 7.5) - **Affected Component**: buildCache.js - **Description**: A sec…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.