
Security Intel Hub 4971+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

lxml CVE-2026-41866 XXE/LFI Vulnerability Advisory
bugs.launchpad.net · 2026-04-25

### Vulnerability Overview - **Vulnerability Name**: Default local-file XXE / LFI in `etree.iterparse()` and `ETCompatXMLParser()` - **Vulnerability Type**: XXE / Local File Disclosure - **Description…

AWS Ops Wheel CVE-2026-6911 JWT Signature Verification Bypass Vulnerability
github.com · 2026-04-25

# AWS Ops Wheel Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel - **Severity**: Critical (9.8/10…

AWS Ops Wheel Privilege Escalation via Cognito Attribute (CVE-2026-6912)
github.com · 2026-04-25

# Vulnerability Summary: Privilege Escalation Vulnerability in AWS Ops Wheel ## Overview - **Vulnerability Name**: Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel - **…

Lightspeed Classroom CVE-2026-30368 Unauthenticated Remote Device Control Vulnerability Analysis
www.incognitotgt.me · 2026-04-25

# Lightspeed Classroom CVE-2026-30368 Vulnerability Summary ## Vulnerability Overview **CVE ID**: CVE-2026-30368 **Vulnerability Type**: Weak authentication leading to unauthorized remote student devi…

ClassroomIO CVE-2025-67259 Broken Access Control via API Method Manipulation
github.com · 2026-04-25

# Vulnerability Report Summary: Broken Access Control (CVE-2025-67259) ## Vulnerability Overview * **Vulnerability Name**: Broken Access Control via API Method Manipulation * **CVE ID**: CVE-2025-6725…

BridgeHead FileStore Apache Axis2 Default Credentials RCE (CVE-2026-39920)
gist.github.com · 2026-04-25

### Vulnerability Overview **Vulnerability Title**: BridgeHead Software - BridgeHead FileStore Apache Axis2 Default Credentials RCE **Disclosure Date**: April 24, 2026 **CVE ID**: CVE-2026-39920 **Vul…

HostBill Business Logic Vulnerability: Negative Balance Bypass Leading to DoS
github.com · 2026-04-25

### Vulnerability Overview - **Vulnerability Name**: Business Logic Vulnerability - **Fix Date**: January 12, 2025 - **CVSS Score**: 3.9 - **Affected Component**: Client Management - Client Balance ##…

HostBill Client Area CAPTCHA Bypass and Rate Limit Bypass in Login Flow
github.com · 2026-04-25

# HostBill CVEs-2025 Vulnerability Summary ## Vulnerability Overview A **Rate Limit Bypass** and **CAPTCHA Bypass** vulnerability exists in the HostBill client application. Attackers can exploit this …

bookserver: Fix access control protocol vulnerability in QHttpServerRequest
invent.kde.org · 2026-04-24

# Vulnerability Summary ## Overview - **Vulnerability Title**: bookserver: Use qrc: as access control protocol - **Description**: In the `bookserver.cpp` file, the usage of `QHttpServerRequest` and `Q…

bookserver Authentication Bypass Vulnerability Fix Analysis
invent.kde.org · 2026-04-24

# Vulnerability Summary ## Overview - **Vulnerability Title**: `bookserver: Add authentication token` - **Vulnerability Type**: Authentication Bypass / Unauthorized Access - **Description**: In the `b…

Apache Airflow /dags endpoint nested entity authorization bypass fix
github.com · 2026-04-24

# Vulnerability Summary ## Overview This vulnerability involves Apache Airflow's `/dags` endpoint failing to properly enforce access control when returning nested entities. Specifically, the nested en…

OVN CVE-2026-5367: OOB Read via Crafted DHCPv6 Leaking Heap Info
bugzilla.redhat.com · 2026-04-24

# Bug 2455863 (CVE-2026-5367) ## Vulnerability Overview Multiple versions of OVN (Open Virtual Network) contain a vulnerability where an attacker can trigger an out-of-bounds read by crafting maliciou…

Apache ActiveMQ Authenticated RCE via Code Injection (CVE-2026-41844)
activemq.apache.org · 2026-04-24

### Vulnerability Overview - **Vulnerability Name**: Improper Input Validation, Improper Control of Generation of Code ('Code Injection') - **Vulnerability Description**: A vulnerability exists in Apa…

WordPress Plugin MaxiBlocks Unauthenticated Media File Deletion Vulnerability
www.wordfence.com · 2026-04-24

# Vulnerability Summary ## Overview - **Vulnerability Name**: Maxi Blocks <= 2.1.8 - Missing Authorization Allows Authenticated Users (Author+) to Delete Media Files via `old_media_src` Parameter - **…

kuksa.val.v2 Authorization Bypass Vulnerability (CVE-2026-6272) with POC
gitlab.eclipse.org · 2026-04-24

### Vulnerability Overview - **Vulnerability Name**: Authorization bypass in kuksa.val.v2 allows read-scope provider hijack - **Description**: This vulnerability allows an attacker to hijack the read …

Kyverno Controller API Token Leakage Vulnerability and Fix
github.com · 2026-04-24

### Vulnerability Overview A security vulnerability exists in the Kyverno project, involving the leakage of API call tokens. This vulnerability allows an attacker to hijack API call tokens and gain un…

Kyverno Outbound API Token Replay Vulnerability and Fix
github.com · 2026-04-24

### Vulnerability Overview A security vulnerability exists in the Kyverno project, related to token management in API calls. Specifically, Kyverno uses a dedicated ServiceAccount token for outbound AP…

Kyverno ConfigMap Cross-Namespace Unauthorized Access Fix
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves an access control issue for `configmap` in the Kyverno project. Specifically, access to `configmap` is restricted to only allow policies within t…

Kyverno apiCall SSRF Leading to ServiceAccount Token Leakage
github.com · 2026-04-24

# Kyverno ServiceAccount Token Leak Vulnerability Summary ## Vulnerability Overview Kyverno’s `apiCall` feature automatically attaches the admission controller’s ServiceAccount (SA) token to outbound …

Fix XSS in Markdown rendering via DOMPurify sanitization
github.com · 2026-04-24

### Vulnerability Overview The webpage screenshot shows a commit record of a GitHub repository, involving a fix for the Markdown rendering functionality. The specific issue is: when rendering Markdown…
