Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

WordPress Supply Chain Attack: Essential Plugin Backdoor Analysis and Remediation
anchor.host · 2026-04-18

# WordPress Plugin Supply Chain Attack Incident Summary ## Vulnerability Overview The attacker acquired a WordPress plugin developer named "Essential Plugin" and implanted backdoors into more than 30 …

Splunk Enterprise Improper Input Validation in User Account Creation (CVE-2026-20202)
advisory.splunk.com · 2026-04-18

# Summary of Improper Input Validation Vulnerability During User Account Creation in Splunk Enterprise ## Vulnerability Overview - **Title**: Improper Input Validation during User Account Creation in …

OpenStack Keystone LDAP 'enabled' Setting Boolean Parsing Vulnerability
bugs.launchpad.net · 2026-04-18

# OpenStack Identity (keystone) Vulnerability Summary ## Vulnerability Overview - **Vulnerability Title**: ldap identity backend 'enabled' setting not interpreted as boolean - **Vulnerability ID**: Bu…

jQuery 3.5.0 Release: Fix for XSS Vulnerability in htmlPrefilter Regex
blog.jquery.com · 2026-04-18

### Vulnerability Overview jQuery version 3.5.0 has been released, primarily containing security fixes. This version addresses a regular expression vulnerability that could lead to cross-site scriptin…

OpenEdge AdminServer Arbitrary File Read Vulnerability (CVE-2025-7389) and Mitigation
community.progress.com · 2026-04-18

# OpenEdge AdminServer Arbitrary File Read Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: OpenEdge AdminServer Arbitrary File Read Security Update (CVE-2025-7389) * **Vulner…

OpenStack Keystone LDAP User Enabled Attribute Bypass Vulnerability
bugs.launchpad.net · 2026-04-18

# OpenStack Keystone LDAP User Enabled Attribute Vulnerability Summary ## Vulnerability Overview A security vulnerability exists in the LDAP backend of OpenStack Identity (keystone). When the `user_en…

Progress OpenEdge OECHE1 Weakness Leads to Credential Leakage (CVE-2025-8001)
community.progress.com · 2026-04-18

# OpenEdge OECHE1 Password/Key Protection Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: 000298643 - **CVE ID**: CVE-2025-8001 - **Vulnerability Name**: Unintended Use of OECH…

Splunk Enterprise Data Model Acceleration Improper Access Control (CVE-2026-20203)
advisory.splunk.com · 2026-04-18

# Improper Access Control Vulnerability in Data Model Acceleration of Splunk Enterprise ## Vulnerability Overview - **Vulnerability Name**: Improper Access Control in Data Model Acceleration of Splunk…

Splunk Enterprise Improper Temp File Handling RCE (CVE-2026-20204)
advisory.splunk.com · 2026-04-18

# Summary of Improper Temporary File Handling and Insufficient Isolation Vulnerability in Splunk ## Overview * **Vulnerability Name**: Improper handling of specific temporary files and insufficient is…

libarchive CVE-2026-5121 Integer Overflow RCE Vulnerability Analysis
bugzilla.redhat.com · 2026-04-18

# Vulnerability Summary: CVE-2026-5121 ## Overview - **CVE ID**: CVE-2026-5121 - **Component**: libarchive - **Type**: Remote Code Execution (RCE) - **Cause**: Integer Overflow - **Trigger Scenario**:…

Keycloak Stored XSS Vulnerability Analysis (CVE-2026-37980)
bugzilla.redhat.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability ID**: Bug 2455325 (CVE-2026-37980) - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Component**: Keycloak (`org.keycloak.f…

CVE-2026-6383: KubeVirt Unauthorized Subresource Access via RBAC Flaw
bugzilla.redhat.com · 2026-04-18

### Vulnerability Overview - **CVE ID**: CVE-2026-6383 - **Vulnerability Name**: KubeVirt: Unauthorized subresource access due to improper RBAC evaluation - **Reported Date**: 2026-04-15 18:08 UTC - *…

Huawei HarmonyOS April 2026 Security Bulletin (CVE-2026-34853, UAF, LBS Bypass)
consumer.huawei.com · 2026-04-18

# Huawei Security Bulletin Summary (April 2026) ## Vulnerability Overview Huawei released its monthly security update in April 2026, including patches for Huawei-owned components and third-party libra…

Huawei HarmonyOS 6.0.0 April 2026 Security Bulletin (CVE-2026-34850, Race Conditions, Stack Overflow)
consumer.huawei.com · 2026-04-18

# Huawei PC Security Bulletin Summary (April 2026) ## Vulnerability Overview Huawei released its monthly security update for April 2026, which includes both Huawei proprietary patches and third-party …

Huawei Smartwatch HarmonyOS April 2026 Security Bulletin (CVE Summary)
consumer.huawei.com · 2026-04-18

# Huawei Smartwatch Security Bulletin Summary (April 2026) ## Vulnerability Overview Huawei has released the April 2026 security update for smartwatches, including both internal Huawei patches and thi…

Ubiquiti UniFi Play Firmware Vulnerability Advisory (CVE-2026-22563 to 22566)
community.ui.com · 2026-04-18

# UniFi Security Advisory Bulletin 063 Vulnerability Summary ## Vulnerability Overview This bulletin addresses multiple security vulnerabilities in the firmware of UniFi Play devices, including path t…

dnsmasq CVE-2026-6507: Out-of-bounds write in DHCP BOOTREPLY causing DoS
bugzilla.redhat.com · 2026-04-18

# Bug 2459191 (CVE-2026-6507) - dnsmasq: Denial of Service due to out-of-bounds write in DHCP BOOTREPLY processing ## Vulnerability Overview In `dnsmasq` version 2.92, when using the `--dhcp-split-rel…

CWE-427 Uncontrolled Search Path Element Vulnerability Analysis and Mitigation
cwe.mitre.org · 2026-04-18

# CWE-427: Uncontrolled Search Path Element ## Vulnerability Overview This vulnerability refers to products that use fixed or controlled search paths to locate resources, but one or more locations wit…

Siemens SCALANCE/RUGGEDCOM Web Interface Privilege Escalation (CVE-2022-31765)
cert-portal.siemens.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: SSA-552702: Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products - **Release Date**: 2022-10-11 - **Last Upda…

Siemens SCALANCE W-700 Wi-Fi Multiple Vulnerabilities Security Advisory (CVE-2020/2021/2022/2023)
cert-portal.siemens.com · 2026-04-18

# Siemens Security Advisory: Multiple Vulnerabilities in SCALANCE W-700 IEEE 802.11n Devices ## Vulnerability Overview Siemens SCALANCE W-700 IEEE 802.11n series devices contain multiple security vuln…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
