
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

fio 3.41 NULL Pointer Dereference via fdp_pil option (CWE-476)
gist.github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Description**: `fio` crashes when parsing a job file containing the `fdp_pil` option without a value. The parser passes `input` as `NULL` to the `str_fdp_p…

ytDownloader 3.20.2 Command Injection Vulnerability Analysis
gist.github.com · 2026-04-18

# ytDownloader Command Injection Vulnerability Summary ## Vulnerability Overview A command injection vulnerability exists in the compressor feature of ytDownloader. The issue arises from using `child_…

ApostropheCMS Fix: Information Disclosure via Unfiltered publicApiProjection in query.project
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Type**: Security vulnerability - **Description**: In the file `piece-type/index.js`, the `query.project` method does not properly filter the `publ…

MaxKB tool.py Sandbox Spoofing Bypass Vulnerability Fix Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Security Bypass Vulnerability (Spoofing Bypass) - **Affected Component**: Sandbox execution functionality in `tool.py` - **I…

MaxKB Sandbox Escape via LD_PRELOAD and Fix
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Type**: Sandbox Escape - **Exploitation Method**: Bypass sandbox restrictions via environment variable `LD_PRELOAD` - **Affected Component**: `app…

DataEase v2.10.21 Security Update: Fixes SQLi, Arbitrary File Read, Auth Bypass
github.com · 2026-04-18

### Vulnerability Overview DataEase v2.10.21 fixes multiple security vulnerabilities, mainly including SQL injection vulnerabilities, arbitrary file read vulnerabilities, runtime permission issues, SQ…

Online Course Registration v3.1 Arbitrary File Upload Vulnerability Analysis
github.com · 2026-04-18

# Online Course Registration System v3.1 Arbitrary File Upload Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Online Course Registration System v3.1 - Arbitrary File Upload …

Open Redirect Vulnerability in isvalidredirecturl Function Analysis and Fix
github.com · 2026-04-18

# Vulnerability Summary ## Overview This vulnerability involves the implementation of the `isvalidredirecturl` function, which is used to validate whether a URL is safe in order to prevent open redire…

Fit2Cloud Sandbox SSRF Vulnerability Fix: connect/sendto/sendmsg Hooks
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Vulnerability Description**: In the sandbox environment, security restrictions can be…

MCP stdio Command Injection Vulnerability Fix Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: MCP stdio Command Injection Vulnerability - **Fix Commit**: Commit `50e9600` - **Fix Description**: Use `ToolExecutor().vali…

Markdown Editor XSS Vulnerability Fix Analysis (Commit 7230daa)
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Type**: XSS Attack in Markdown Editor - **Fix Commit**: Commit `7230daa` - **Fixed File**: `ui/src/chat.ts` ## Impact Scope - Involves XSS filteri…

MaxKB Stored XSS in EchartsRender Component via Eval Injection
github.com · 2026-04-18

# Vulnerability Summary: Stored XSS Vulnerability in EchartsRender Component ## Overview There is an insecure JavaScript evaluation vulnerability (Eval Injection) in the Markdown rendering engine of M…

next-auth AuthClientProvider null/undefined domain handling flaw
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves the `AuthClientProvider` class in the `next-auth` library. The specific issue is that when `AuthClientProvider` is instantiated, if the `domain` …

AsyncHttpClient Cross-Domain Redirect Credential Leakage Fix
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves the failure to properly strip credentials (such as `Authorization` and `Proxy-Authorization` headers) during cross-domain redirects and HTTPS-to-…

Apache Airflow 3.1.7 JWT Token Exposure in Task Logs Fix
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Title**: JWT tokens appearing in task logs #62428 - **Vulnerability Description**: JWT tokens are exposed in task logs, posing security risks. ### Impact S…

next-intl Middleware Open Redirect Fix via Path Sanitization
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves improvements in middleware pathname validation, specifically improper handling of special characters in paths (such as TAB, double slashes, backs…

Apache Airflow JWT Token Leakage in Logs Fix Analysis
github.com · 2026-04-18

# Vulnerability Summary: Apache Airflow JWT Token Leakage ## Overview In Apache Airflow, when logging objects containing a `workload` (such as `ExecuteTask`), Pydantic’s automatically generated `__rep…

Stored XSS in Simple Chatbox PHP v1.0 msg parameter
github.com · 2026-04-18

# Stored Cross-Site Scripting (XSS) Vulnerability in the `msg` Parameter of Simple Chatbox PHP ## Vulnerability Overview A stored cross-site scripting (XSS) vulnerability exists in the message submiss…

Simple Chatbox PHP msg Parameter SQL Injection Vulnerability Analysis
github.com · 2026-04-18

# SQL Injection Vulnerability Summary: Simple Chatbox PHP `msg` Parameter ## Vulnerability Overview Simple Chatbox PHP v1.0 contains a SQL injection vulnerability where an attacker can inject maliciou…

MaxKB CSV Injection RCE via Chat Export (CVE-2025-39424)
github.com · 2026-04-18

# CSV Injection in Application Chat Export ## Vulnerability Overview The MaxKB application chat export feature contains a **CSV/Formula Injection** vulnerability. When an administrator exports applica…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
