Security Intel Hub 23513+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Slah CMS Sensitive Data Disclosure Vulnerability (CVE-2026-30994) Analysis and POC
cve.joaopaulodeoliveira.dev · 2026-04-18

# CVE-2026-30994 - Slah Informática CMS Sensitive Data Disclosure Vulnerability Summary ## Vulnerability Overview Slah CMS contains a high-severity sensitive information disclosure vulnerability. The …

Schneider Electric PowerChute Serial Shutdown Vulnerabilities Analysis (CVE-2026-2399/2404/2402)
download.schneider-electric.com · 2026-04-18

# Schneider Electric PowerChute Serial Shutdown Vulnerability Summary ## Overview Schneider Electric’s PowerChute™ Serial Shutdown product contains multiple security vulnerabilities. This product is U…

Chamilo Course Catalog Access Control Fix (Role-based Security)
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Type**: Security Vulnerability - **Description**: This vulnerability involves adding `CourseRelUserStateProcessor` and improving course catalog filtering l…

CVE-2026-30996: SoftSul SAC-NFe Unauthenticated Path Traversal
cve.joaopaulodeoliveira.dev · 2026-04-18

# CVE-2026-30996 - SoftSul SAC-NFe Unauthorized Path Traversal Vulnerability Summary ## Vulnerability Overview * **Vulnerability Type**: Unauthorized Path Traversal (Arbitrary File Read) * **CVE ID**:…

Siemens Analytics Toolkit Improper Certificate Validation (CVE-2025-40745)
cert-portal.siemens.com · 2026-04-18

# Siemens Security Advisory SSA-981622 Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Improper Certificate Validation Vulnerability in Siemens Analytics Toolkit * **CVE ID**…

Tiny File Manager v2.0 SSRF Vulnerability Analysis and POC
drive.google.com · 2026-04-18

# Tiny File Manager v2.0 SSRF Vulnerability Summary ## Vulnerability Overview The URL file upload feature in Tiny File Manager v2.0 contains a Server-Side Request Forgery (SSRF) vulnerability. When au…

CVE-2026-30993 Slah CMS Remote Code Execution Vulnerability and POC
cve.joaopaulodeoliveira.dev · 2026-04-18

# CVE-2026-30993 - Slah Informática CMS Remote Code Execution Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Slah Informática CMS Remote Code Execution (RCE) * **CVE ID**: C…

Chatbox MCP RCE Vulnerability Analysis and Exploitation (CVE-2024-XXXX)
github.com · 2026-04-18

# Vulnerability Summary: Chatbox MCP Remote Code Execution Vulnerability (CVE-2024-XXXX) ## Overview Chatbox v1.20.0 and earlier versions contain a critical remote code execution (RCE) vulnerability. …

ProcessWire CMS Admin SSRF Vulnerability Analysis
gist.github.com · 2026-04-18

# ProcessWire CMS SSRF Vulnerability Summary ## Vulnerability Overview A **Server-Side Request Forgery (SSRF)** vulnerability exists in the admin panel of ProcessWire CMS (v3.0.255). The flaw is locat…

KubePlus kubeconfigGenerator Command Injection Vulnerability (CVE-2026-29955)
gist.github.com · 2026-04-18

# KubePlus KubeconfigGenerator Command Injection Vulnerability (CVE-2026-29955) ## Vulnerability Overview This vulnerability exists in the `kubeconfiggenerator` component of KubePlus. When processing …

Rally Reset Password DOM-XSS Vulnerability Analysis
gist.github.com · 2026-04-18

# Vulnerability Summary: DOM-Based XSS Vulnerability in Rally Password Reset Functionality ## Overview * **Vulnerability Type**: DOM-Based Cross-Site Scripting (DOM-XSS) * **Severity**: Medium (CVSS 3…

FFmpeg zmqsend.c Potential Info Leak/DoS Vulnerability Analysis
ffmpeg.org · 2026-04-18

### FFmpeg Vulnerability Summary #### Vulnerability Overview - **File**: `zmqsend.c` - **Description**: This file is part of FFmpeg and is used to send ZMQ messages. There is a potential vulnerability…

warm-flow SpEL Expression Injection RCE Vulnerability Analysis
gitee.com · 2026-04-18

# warm-flow SpEL Expression Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: RCE via SpEL Expression Injection in warm-flow Workflow * **Vulnerability Type**: SpEL (…

Festo MSE6 Series Undocumented Test Mode Vulnerability (FSA-202304) Advisory
festo.csaf-tp.certvde.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability ID**: FSA-202304 - **Release Date**: 2023-09-05 - **Affected Products**: Multiple Festo product series, including MSE6-CM-5000, MSE6-CM-5000-FB43,…

fio 3.41 NULL Pointer Dereference via fdp_pil option (CWE-476)
gist.github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Description**: `fio` crashes when parsing a job file containing the `fdp_pil` option without a value. The parser passes `input` as `NULL` to the `str_fdp_p…

ytDownloader 3.20.2 Command Injection Vulnerability Analysis
gist.github.com · 2026-04-18

# ytDownloader Command Injection Vulnerability Summary ## Vulnerability Overview A command injection vulnerability exists in the compressor feature of ytDownloader. The issue arises from using `child_…

ApostropheCMS Fix: Information Disclosure via Unfiltered publicApiProjection in query.project
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Type**: Security vulnerability - **Description**: In the file `piece-type/index.js`, the `query.project` method does not properly filter the `publ…

MaxKB tool.py Sandbox Spoofing Bypass Vulnerability Fix Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Security Bypass Vulnerability (Spoofing Bypass) - **Affected Component**: Sandbox execution functionality in `tool.py` - **I…

MaxKB Sandbox Escape via LD_PRELOAD and Fix
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Type**: Sandbox Escape - **Exploitation Method**: Bypass sandbox restrictions via environment variable `LD_PRELOAD` - **Affected Component**: `app…

DataEase v2.10.21 Security Update: Fixes SQLi, Arbitrary File Read, Auth Bypass
github.com · 2026-04-18

### Vulnerability Overview DataEase v2.10.21 fixes multiple security vulnerabilities, mainly including SQL injection vulnerabilities, arbitrary file read vulnerabilities, runtime permission issues, SQ…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
