Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

DjangoBlog Unauthenticated Cache Purge DoS via /clean Endpoint
github.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: Vuln-4: Unauthenticated Cache Purge Endpoint - **Project**: DjangoBlog (https://github.com/liangliangyy/DjangoBlog) - **Version**: Latest master (c…

H3C Magic B1 Router Buffer Overflow Vulnerability Analysis
github.com · 2026-04-20

# H3C Magic B1 Router Buffer Overflow Vulnerability Summary ## Vulnerability Overview The H3C Magic B1 router has a serious buffer overflow vulnerability. This vulnerability allows an attacker to trig…

H3C Magic B1 Router Buffer Overflow Vulnerability Analysis
vuldb.com · 2026-04-20

# Vulnerability Summary ## Overview - **Vulnerability ID**: #790977 - **Vulnerability Title**: New H3C Magic B1 <=100R004 buffer overflow - **Description**: The H3C Magic B1 router has a serious buffe…

SuperAGI VectorDB Management Endpoints Unauthorized Access Vulnerability
gist.github.com · 2026-04-20

# Vulnerability Summary: Unauthorized Access to SuperAGI Vector Database Management Endpoints ## Vulnerability Overview Three vector database (VectorDB) management endpoints in the SuperAGI framework …

DjangoBlog Hardcoded SECRET_KEY Vulnerability Analysis
github.com · 2026-04-20

# Vuln-3: Hardcoded Django SECRET_KEY ## Vulnerability Overview - **Project**: DjangoBlog - **Severity**: HIGH (OWASP: A02:2021 - Cryptographic Failures) - **CWE**: CWE-798: Use of Hard-coded Credenti…

SuperAGI IDOR Vulnerability Allows Cross-Organization Account Takeover
gist.github.com · 2026-04-20

### Vulnerability Overview - **Title**: IDOR in User Update Endpoint Allows Cross-Organization Account Takeover - **Description**: The endpoint `PUT /users/update/{user_id}` allows any authenticated u…

DjangoBlog up to 2.1.0.0 Hard-coded SECRET_KEY Credential Disclosure (CVE-2026-6578)
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: liangliangyy DjangoBlog up to 2.1.0.0 Setting django blog/settings.py SECRET_KEY hard-coded credentials - **CVE ID**: CVE-2026-6578 - **CVSS Score*…

SuperAGI IDOR Authorization Bypass Vulnerability Analysis
vuldb.com · 2026-04-20

# Vulnerability Summary ## Overview - **Vulnerability ID**: #791075 - **Vulnerability Name**: SuperAGI Authorization Bypass Vulnerability (via User-Controlled Key) - **Vulnerability Type**: CWE-639 (A…

Owntracks Unauthenticated GPS Data Injection (Broken Access Control)
github.com · 2026-04-20

# Vuln-2: Unauthenticated GPS Data Injection (OwnTracks) ## Vulnerability Overview * **Vulnerability Name**: Unauthenticated GPS Data Injection (OwnTracks) * **Severity**: CRITICAL * **Vulnerability T…

DjangoBlog logtracks Missing Authentication Vulnerability (CVE-2026-6577)
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: liangliangyy DjangoBlog up to 2.1.0.0 logtracks Endpoint owntracks/views.py missing authentication - **Vulnerability ID**: CVE-2026-6577 - **CVSS S…

DjangoBlog WeChat Bot RCE via os.popen and Auth Bypass
github.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: Vuln-1: WeChat Bot Remote Code Execution (RCE) - **Project**: DjangoBlog (https://github.com/liangliangyy/DjangoBlog) - **Version**: Latest master …

DjangoBlog WeChat Bot Interface Command Injection (CVE-2026-6576)
vuldb.com · 2026-04-20

# Vulnerability Summary ## Overview - **Vulnerability Name**: LIANGLIANGYY DJANGOBLOG UP TO 2.1.0.0 WECHAT BOT INTERFACE COMMONAPI COMMANDHANDLER SOURCE COMMAND INJECTION - **CVE ID**: CVE-2026-6576 -…

Stored XSS in WordPress Embed Calendly Plugin (CVE-2026-32411)
www.wordfence.com · 2026-04-20

# EMC Scheduling Manager Stored Cross-Site Scripting Vulnerability Summary ## Overview - **Vulnerability Name**: EMC Scheduling Manager <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scriptin…

Apache Struts 2 S2-046 RCE Vulnerability Advisory with POC
vulnplus-note.wetolink.com · 2026-04-19

# Vulnerability Overview This vulnerability exists in the **Apache Struts 2** framework, specifically as **S2-046**. An attacker can craft a malicious HTTP request and inject OGNL expressions via the …

OpenCart MaxD Lightning Module Deserialization Vulnerability (CVE-2025-0974)
vuldb.com · 2026-04-19

### Vulnerability Overview - **Vulnerability Name**: MaxD Lightning Module 4.43/4.44 on OpenCart li_op/md deserialization - **Vulnerability ID**: CVE-2025-0974 - **Vulnerability Type**: Deserializatio…

KodExplorer initInstall Path Authorization Bypass (CVE-2026-6570)
vuldb.com · 2026-04-19

# Vulnerability Summary: KodExplorer systemMember Class Initialization Path Authorization Bypass ## Vulnerability Overview * **Vulnerability Name**: Authorization bypass vulnerability in `initInstall`…

Java Base64.decode DoS Vulnerability Analysis
vulnplus-note.wetolink.com · 2026-04-19

## Vulnerability Overview This vulnerability exists in the `com.sun.org.apache.xerces.internal.impl.dv.util.Base64` class. An attacker can craft malicious input and exploit the `decode` method of this…

Apache Tomcat Multiple Vulnerabilities Advisory (CVE-2025-22870 to CVE-2025-22991)
vulnplus-note.wetolink.com · 2026-04-19

## Vulnerability Overview - **Vulnerability Name**: Multiple Vulnerabilities - **Vulnerability IDs**: CVE-2025-22870, CVE-2025-22871, CVE-2025-22872, CVE-2025-22873, CVE-2025-22874, CVE-2025-22875, CV…

EMQX Enterprise Cross-User Client ID Collision DoS Vulnerability with POC
github.com · 2026-04-19

# EMQX Enterprise Cross-User Client ID Conflict Leads to Denial of Service (DoS) ## Vulnerability Overview EMQX Enterprise versions 6.1.0 and earlier contain an access control flaw. An attacker can us…

Muucmf T6 CMS SQL Injection Vulnerability Analysis (CVE-2025-14383)
thinhneee.github.io · 2026-04-19

# Muucmf T6 CMS SQL Injection Vulnerability Summary ## Vulnerability Overview Muucmf T6 CMS (version v1.9.5.20260309) has a SQL injection vulnerability in the `keyword` parameter of the `/index/Search…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
