Security Intel Hub 23513+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Sonic Server File Upload Path Traversal Vulnerability Analysis
github.com · 2026-04-20

# Vulnerability Summary: Sonic Server File Upload Path Traversal Vulnerability (#2) ## Vulnerability Overview * **Vulnerability Type**: Path Traversal * **Affected Project**: Sonic Server (sonic-serve…

kdcproxy DoS Vulnerability (CVE-2023-39889) Analysis and Fix
github.com · 2026-04-20

### Vulnerability Overview This vulnerability involves a Denial of Service (DoS) issue in `kdcproxy`, based on unbounded TCP buffering. In the `Application._handle_recv` function, the next part of the…

Dify ImagePreview DOM-based XSS Vulnerability Analysis and Fix
gist.github.com · 2026-04-20

# Vulnerability Summary: DOM-based XSS Vulnerability in Dify ImagePreview Component ## Overview * **Vulnerability Title**: DOM-based XSS in ImagePreview Component via Unsanitized Filename * **Vulnerab…

Nuclei Expression Evaluation Panic Fix for Unresolved Variables
github.com · 2026-04-20

# Vulnerability Summary ## Overview In the `projectdiscovery/nuclei` project, there is a security issue related to expression evaluation. When using helper functions such as `{{base64}}`, if the passe…

Nuclei Expression Injection Vulnerability Fix Analysis
github.com · 2026-04-20

# Vulnerability Summary: Nuclei Expression Injection Fix ## Vulnerability Overview The Nuclei template engine has an expression injection vulnerability. The original implementation first replaced plac…

Nuclei v3.8.0 Fix: Env Var Disclosure via Response-Derived DSL Expressions
github.com · 2026-04-20

# Vulnerability Overview **Title**: Environment variable disclosure via Response-Derived DSL Expressions **Published by**: ehsandeep **Published Date**: 2 days ago **Severity**: Moderate (5.3 / 10) **…

Nuclei Template Expression Double Evaluation Fix
github.com · 2026-04-20

### Vulnerability Overview This vulnerability involves incorrectly evaluating expressions generated by templates. Specifically, after replacing placeholders, the `expressions.Evaluate()` function re-i…

SuperAGI WebScraperTool Full SSRF Vulnerability and POC
gist.github.com · 2026-04-20

# Vulnerability Summary: SuperAGI WebScraperTool SSRF Vulnerability ## Overview **Title**: Full SSRF via WebScraperTool allows authenticated users to access internal services and cloud metadata **Desc…

Blind SSRF in Dify <=0.6.9 via API Tool Remote Schema Fetch
gist.github.com · 2026-04-20

# Vulnerability Summary: Blind SSRF in Remote Schema Retrieval of API Tool ## Overview - **Title**: Blind Server-Side Request Forgery (SSRF) in Remote Schema Retrieval of API Tool - **Description**: A…

Dify SSRF Vulnerability (CVE-2026-6617) Analysis and POC
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: CVE-2026-6617 - **Vulnerability Type**: Server-side request forgery (SSRF) - **Vulnerability Description**: A vulnerability was discovered in the `…

SuperAGI Resource Upload Path Traversal Vulnerability Analysis
gist.github.com · 2026-04-20

# Vulnerability Summary: SuperAGI Resource Upload Endpoint Path Traversal Vulnerability ## Overview **Title**: Path Traversal in Resource Upload Endpoint Leads to Arbitrary File Write **Description**:…

LangGenius Dify <=0.6.9 Blind SSRF Vulnerability in ApiToolManageService
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability ID**: #792231 - **Vulnerability Name**: LangGenius Dify <= 0.6.9 Server-Side Request Forgery (CWE-918) - **Vulnerability Type**: Server-Side Request Forger…

SuperAGI IDOR Vulnerability: Cross-Organization Project Access and Modification
gist.github.com · 2026-04-20

### Vulnerability Overview **Title**: IDOR on Project Endpoint Allows Cross-Organization Project Access and Modification **Description**: The project management endpoint allows any authenticated user …

SuperAGI Agent Execution IDOR Vulnerability Analysis
gist.github.com · 2026-04-20

# Vulnerability Summary: IDOR Vulnerability in Agent Execution Endpoints ## Overview **Title**: IDOR Vulnerability in Agent Execution Endpoints Allows Reading and Controlling Any Agent’s Execution **D…

SuperAGI Path Traversal Vulnerability Analysis and POC (CVE-2024-xxxx)
vuldb.com · 2026-04-20

# Vulnerability Summary: SuperAGI Path Traversal Vulnerability (CVE-2024-xxxx) ## Overview The `upload` function in SuperAGI contains a path traversal vulnerability. When handling file uploads, the fu…

DjangoBlog Weak File Upload Authentication and CSRF Exemption Vulnerability Analysis
github.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: Vuln-11: Weak File Upload Authentication + CSRF Exemption - **Project**: DjangoBlog (https://github.com/liangliangyy/DjangoBlog) - **Version**: Lat…

SuperAGI IDOR Vulnerability (CVE-639) Analysis and POC
vuldb.com · 2026-04-20

# Vulnerability Summary: SuperAGI Insecure Direct Object Reference Vulnerability (CVE-639) ## Overview The `get_agent_execution` and `update_agent_execution` methods in SuperAGI contain an insecure di…

WordPress Email Encoder Plugin Stored XSS Vulnerability (CVE-79)
wpscan.com · 2026-04-20

# WordPress Plugin Vulnerability Summary: Email Encoder <img src=x onerror=aler Trigger the XSS on pages or posts containing [eeb_protect_content]. ``` ## Additional Information - **Original Researche…

SuperAGI IDOR Vulnerability: Unauthorized Agent Deletion and Schedule Termination
gist.github.com · 2026-04-20

### Vulnerability Overview **Title**: IDOR in Agent Management Allows Deleting Any Agent and Stopping Any Schedule **Description**: Multiple Agent management endpoints allow any authenticated user to …

SuperAGI IDOR Vulnerability (CVE-639) Authorization Bypass and POC
vuldb.com · 2026-04-20

# Vulnerability Summary: SuperAGI Authorization Bypass Vulnerability (CVE-639) ## Overview SuperAGI contains an insecure direct object reference (IDOR) vulnerability. In API endpoints such as `delete_…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.