Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Fix for GraphQLParser DoS via missing query depth limit
github.com · 2026-04-18

### Vulnerability Overview
This vulnerability involves a depth limitation issue in the GraphQL parser. Specifically, the parser does not effectively limit the depth of queries when processing GraphQL …

qmail CVE-2026-41113 RCE via DNS MX Shell Injection with Exploit
github.com · 2026-04-18

# qmail Remote Code Execution Vulnerability (CVE-2026-41113)
## Vulnerability Overview
* **Vulnerability Name**: qmail-remote Remote Code Execution (RCE) via DNS MX Hostname Shell Injection
* **CVE ID…

Chatbox v1.20.0 MCP Stdio Transport RCE via Deep Link and Data Import
github.com · 2026-04-18

# Vulnerability Summary: Chatbox MCP Stdio Transport Arbitrary Command Execution (CVE-2024-XXXX)
## Vulnerability Overview
Chatbox v1.20.0 and earlier versions contain a critical remote code execution…

ChurchCRM CSRF Vulnerability Fix and POC Analysis
github.com · 2026-04-18

# Vulnerability Summary
## Overview
**Vulnerability Type**: CSRF (Cross-Site Request Forgery) Vulnerability
**Vulnerability ID**: #6013
**Affected Component**: Family record deletion functionality of …

Chamilo Social Post SVG Sanitization Fix
github.com · 2026-04-18

### Vulnerability Overview
This vulnerability involves allowing only images and videos as attachments in social posts, and performing sanitization on SVG content. Specifically includes:
1. **Social Po…

CVE-2025-67246 LuDaShi Driver Kernel Information Disclosure Vulnerability and POC
github.com · 2026-04-18

# CVE-2025-67246 Vulnerability Summary
## Overview
* **Vulnerability Title**: LuDaShi Incorrect Access Control
* **Vulnerability Description**: LuDaShi is a well-known free system utility software. It…

Chamilo LMS Stored XSS via SVG Upload and Fix Code
github.com · 2026-04-18

# Vulnerability Summary
## Overview
Chamilo LMS has an SVG file handling vulnerability. An attacker can upload an SVG file containing malicious scripts; due to the system’s lack of proper sanitization…

HotChocolate GraphQL Parser Depth Limit Fix
github.com · 2026-04-18

### Vulnerability Overview
- **Title**: Add depth limit to GraphQL parser #9528
- **Status**: Merged
- **Submitter**: michaelstaib
- **Time**: Last week
### Impact Scope
- **Project**: ChilliCream/gra…

HotChocolate GraphQL Parser DoS Fix: Missing Depth Limit for Recursion and Directives
github.com · 2026-04-18

# Vulnerability Summary
## Overview
This submission fixes the **missing depth limit** issue in the HotChocolate GraphQL parser. An attacker can construct deeply nested GraphQL queries or queries conta…

Chamilo PensProcessor SSRF Fix: Strict Private IP Validation
github.com · 2026-04-18

# Vulnerability Summary
## Overview
This vulnerability involves **insufficiently strict URL validation logic**, which may allow access to private/reserved address ranges (such as internal network addr…

Fix for Unauthorized Access in CourseRefUser Collection State Provider
github.com · 2026-04-18

### Vulnerability Overview
This vulnerability involves an issue in the implementation of a custom state provider when handling role-based access and filtering in the `CourseRefUser` collection. Specif…

ChurchCRM IDOR Vulnerability Fix: API Permission Bypass
github.com · 2026-04-18

# Vulnerability Summary
## Overview
- **Vulnerability Type**: Privilege Escalation (IDOR - Insecure Direct Object Reference)
- **Affected Component**: ChurchCRM Personal API
- **Description**: An atta…

Chamilo LMS Unauthenticated SSRF and Open Email Relay Vulnerability
github.com · 2026-04-18

# Vulnerability Summary
## Overview
- **Vulnerability Name**: Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action (<=2.0-RC.2)
- **Vulnerability Types**:
  - Server-Side Re…

Authenticated SQL Injection in Chamilo LMS 2.0 RC2 (CVE-2026-30881)
github.com · 2026-04-18

# Vulnerability Summary: Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2)
## Overview
- **Vulnerability Type**: Authenticated SQL Injection
- **Vulnerable File**: `publ…

Chamilo LMS PENS Plugin Unauthenticated SSRF Vulnerability (CVE-2026-34160)
github.com · 2026-04-18

# Vulnerability Summary: Chamilo LMS PENS Plugin SSRF Vulnerability
## Overview
The PENS (Package Exchange Notification Services) plugin in Chamilo LMS version 2.x contains an unauthenticated Server-S…

Chamilo LMS Stored XSS via Malicious File Upload (GHSA-273p-jw9w-3g22)
github.com · 2026-04-18

# Vulnerability Summary: Stored XSS Vulnerability in Chamilo LMS
## Overview
- **Vulnerability Name**: Stored XSS via Malicious File Upload in Social Post Attachments Leading to Arbitrary JavaScript E…

Chamilo LMS OS Command Injection Vulnerability (CVE-2026-35196) Analysis and Fix
github.com · 2026-04-18

# Vulnerability Summary: Chamilo LMS OS Command Injection Vulnerability
## Vulnerability Overview
* **Vulnerability Type**: Operating System Command Injection (OS Command Injection)
* **Vulnerability …

Chamilo LMS IDOR Vulnerability Analysis
github.com · 2026-04-18

# Vulnerability Summary: Chamilo LMS IDOR Vulnerability
## Overview
- **Vulnerability Type**: Insecure Direct Object Reference (IDOR) / Broken Object Level Authorization (BOLA)
- **Affected Component*…

ChurchCRM SQLi Fix in FinancialService & API Login Hardening
github.com · 2026-04-18

# Vulnerability Summary
## Overview
- **Vulnerability Type**: SQL Injection (SQLi)
- **Affected Module**: The `getMemberByScanCode` method in the `FinancialService` class of ChurchCRM
- **Root Cause**…

ChurchCRM SQL Injection Fix in FinancialService.php
github.com · 2026-04-18

# Vulnerability Summary
## Overview
- **Vulnerability Type**: SQL Injection (SQLi)
- **Location**: `getMemberByScanString()` method in `FinancialService.php`
- **Cause**: Raw SQL queries are used with…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.