
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Bouncy Castle AEAD chunk size validation bypass vulnerability and fix
github.com · 2026-04-18

Vulnerability Overview: This vulnerability involves insufficient validation of chunk size during AEAD (Authenticated Encryption with Associated Data) processing. Specifically, when parsing AEAD enc…

ApostropheCMS publicApiProjection Bypass Leads to Unauthenticated Information Disclosure
github.com · 2026-04-18

Vulnerability Summary: ApostropheCMS `publicApiProjection` Bypass. Vulnerability Overview: In the `@apostrophecms/piece-type` module, the `getRestQuery` method contains a logic flaw. When an unauth…

Apache PDFBox ExtractEmbeddedFiles Directory Traversal Fix
github.com · 2026-04-18

Vulnerability Summary. Overview: Vulnerability Title: Improve directory boundary check in ExtractEmbeddedFiles example #427; Vulnerability ID: #427; Status: Closed; Reporter: M…

Apostrophe CMS Information Disclosure via choices/counts Parameters (CVE-2026-30857)
github.com · 2026-04-18

Vulnerability Summary: Apostrophe CMS Information Disclosure Vulnerability. Vulnerability Overview: Title: Information Disclosure via 'choices'/'counts' Query Parameters Bypassing publicApiProj…

sanitize-html allowedTags Bypass via Entity-Decoded Text Leading to Stored XSS
github.com · 2026-04-18

Vulnerability Overview: Title: sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements. Description: Vulnerability Type: Bypass of `allowedTags` restriction vi…

Stored XSS in @apostrophecms/color-field via CSS Custom Property Injection
github.com · 2026-04-18

Vulnerability Summary: Stored XSS via CSS Custom Property Injection in `@apostrophecms/color-field`. Vulnerability Overview: In the `@apostrophecms/color-field` module, there is a CSS custom proper…

ChilliCream GraphQL Parser Depth Limit Bypass Leading to DoS Fix
github.com · 2026-04-18

Vulnerability Overview: This vulnerability involves a depth limitation issue in the GraphQL parser. Specifically, the parser does not effectively limit the depth of queries when processing GraphQL …

AsyncHttpClient CVE-2026-40490 Authorization Credentials Leaked on Cross-Origin Redirects
github.com · 2026-04-18

Vulnerability Overview: Title: Authorization credentials leaked to untrusted domains on cross-origin redirects; CVE ID: CVE-2026-40490; CVSS Score: 6.8 / 10; Severity: Moderate; Release…

Authzed SpiceDB CVE-2026-40091 Vulnerability Advisory and Patch
github.com · 2026-04-18

Vulnerability Overview: CVE ID: CVE-2026-40091; Severity: Medium. Affected Scope: Affected Version: v1.51.1. Remediation: Fixed Version Released: v1.51.1; Docker Image…

KubePlus kubeconfigGenerator OS Command Injection Vulnerability (CVE-2026-29955)
github.com · 2026-04-18

KubePlus KubeconfigGenerator Command Injection Vulnerability (CVE-2026-29955). Vulnerability Overview: Vulnerability Type: OS Command Injection (CWE-78); Affected Component: The `kubecon…

Bouncy Castle GOST3413CTR Ciphertext Repeat Vulnerability and Fix
github.com · 2026-04-18

Vulnerability Summary. Overview: The implementation of GOST 3413 in CTR mode within the Bouncy Castle library contains a logic flaw that may lead to duplicate ciphertext blocks under specific condi…

CVE-2024-53412: Command Injection Vulnerability and PoC Analysis
github.com · 2026-04-18

Vulnerability Overview: CVE ID: CVE-2024-53412; Vulnerability Type: Command Injection; Affected Component: `connect()` function in `ssh.go`; Attack Type: Local; Impact: Remote Code …

Axios v0.x Header Injection and Proxy Bypass Vulnerability Fix
github.com · 2026-04-18

Axios Security Vulnerability Fix Summary. Vulnerability Overview: Axios v0.x versions have security hardening issues, mainly involving: outbound request header values are not properly sanitized (…

HummerRisk 1.5.0 Stored XSS Vulnerability Analysis
github.com · 2026-04-18

Vulnerability Summary: HummerRisk Stored Cross-Site Scripting (XSS). Vulnerability Overview: Vulnerability Name: HummerRisk Stored Cross-Site Scripting (Stored XSS); Vulnerability ID: Hu…

libvips im_minpos_vec Heap Buffer Overflow Vulnerability Analysis
github.com · 2026-04-18

Vulnerability Overview: There is a heap buffer overflow (Out-of-Bounds Read) vulnerability in the `im_minpos_vec` function. The issue occurs in the file `libvips/deprecated/vips7compat.c`, specific…

Linux Kernel IRQ Ownership Check Bypass Fix
github.com · 2026-04-18

Vulnerability Overview: This vulnerability involves the interrupt management functionality in the Linux kernel, specifically failing to properly verify whether the current task owns the interrupt w…

Deer-Flow Bootstrap Mode Agent Name Validation Bypass Analysis
github.com · 2026-04-18

Vulnerability Summary: Deer-Flow Bootstrap Mode Agent Name Validation Bypass. Overview: This vulnerability involves the lack of agent name validation in bootstrap mode within the `bytedance/deer-fl…

GraphQL Parser Stack Overflow Vulnerability and Depth Limit Fix
github.com · 2026-04-18

Vulnerability Overview: This vulnerability involves the lack of depth limitation in GraphQL resolvers, which may lead to stack overflow attacks. Attackers can exhaust server resources by crafting d…

BoidCMS <=2.1.2 LFI to RCE Vulnerability and POC
github.com · 2026-04-18

Vulnerability Summary: BoidCMS Local File Inclusion (LFI) Leading to Remote Code Execution (RCE). Vulnerability Overview: BoidCMS versions 2.1.2 and earlier contain a critical vulnerability. An att…

Fix for Path Traversal in Deerflow due to Missing Agent Name Validation
github.com · 2026-04-18

Vulnerability Overview: This vulnerability involves validating the bootstrap agent name before writing to the file system. Insufficient validation may lead to potential security issues, such as pat…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
