Security Intel Hub 23504+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Linux Kernel IRQ Ownership Check Bypass Fix
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves the interrupt management functionality in the Linux kernel, specifically failing to properly verify whether the current task owns the interrupt w…

Deer-Flow Bootstrap Mode Agent Name Validation Bypass Analysis
github.com · 2026-04-18

# Vulnerability Summary: Deer-Flow Bootstrap Mode Agent Name Validation Bypass ## Overview This vulnerability involves the lack of agent name validation in bootstrap mode within the `bytedance/deer-fl…

GraphQL Parser Stack Overflow Vulnerability and Depth Limit Fix
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves the lack of depth limitation in GraphQL resolvers, which may lead to stack overflow attacks. Attackers can exhaust server resources by crafting d…

BoidCMS <=2.1.2 LFI to RCE Vulnerability and POC
github.com · 2026-04-18

# Vulnerability Summary: BoidCMS Local File Inclusion (LFI) Leading to Remote Code Execution (RCE) ## Vulnerability Overview BoidCMS versions 2.1.2 and earlier contain a critical vulnerability. An att…

Fix for Path Traversal in Deerflow due to Missing Agent Name Validation
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves validating the bootstrap agent name before writing to the file system. Insufficient validation may lead to potential security issues, such as pat…

Fix for GraphQLParser DoS via missing query depth limit
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves a depth limitation issue in the GraphQL parser. Specifically, the parser does not effectively limit the depth of queries when processing GraphQL …

qmail CVE-2026-41113 RCE via DNS MX Shell Injection with Exploit
github.com · 2026-04-18

# qmail Remote Code Execution Vulnerability (CVE-2026-41113) ## Vulnerability Overview * **Vulnerability Name**: qmail-remote Remote Code Execution (RCE) via DNS MX Hostname Shell Injection * **CVE ID…

Chatbox v1.20.0 MCP Stdio Transport RCE via Deep Link and Data Import
github.com · 2026-04-18

# Vulnerability Summary: Chatbox MCP Stdio Transport Arbitrary Command Execution (CVE-2024-XXXX) ## Vulnerability Overview Chatbox v1.20.0 and earlier versions contain a critical remote code execution…

ChurchCRM CSRF Vulnerability Fix and POC Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Overview **Vulnerability Type**: CSRF (Cross-Site Request Forgery) Vulnerability **Vulnerability ID**: #6013 **Affected Component**: Family record deletion functionality of …

Chamilo Social Post SVG Sanitization Fix
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves allowing only images and videos as attachments in social posts, and performing sanitization on SVG content. Specifically includes: 1. **Social Po…

CVE-2025-67246 LuDaShi Driver Kernel Information Disclosure Vulnerability and POC
github.com · 2026-04-18

# CVE-2025-67246 Vulnerability Summary ## Overview * **Vulnerability Title**: LuDaShi Incorrect Access Control * **Vulnerability Description**: LuDaShi is a well-known free system utility software. It…

Chamilo LMS Stored XSS via SVG Upload and Fix Code
github.com · 2026-04-18

# Vulnerability Summary ## Overview Chamilo LMS has an SVG file handling vulnerability. An attacker can upload an SVG file containing malicious scripts; due to the system’s lack of proper sanitization…

HotChocolate GraphQL Parser Depth Limit Fix
github.com · 2026-04-18

### Vulnerability Overview - **Title**: Add depth limit to GraphQL parser #9528 - **Status**: Merged - **Submitter**: michaelstaib - **Time**: Last week ### Impact Scope - **Project**: ChilliCream/gra…

HotChocolate GraphQL Parser DoS Fix: Missing Depth Limit for Recursion and Directives
github.com · 2026-04-18

# Vulnerability Summary ## Overview This submission fixes the **missing depth limit** issue in the HotChocolate GraphQL parser. An attacker can construct deeply nested GraphQL queries or queries conta…

Chamilo PensProcessor SSRF Fix: Strict Private IP Validation
github.com · 2026-04-18

# Vulnerability Summary ## Overview This vulnerability involves **insufficiently strict URL validation logic**, which may allow access to private/reserved address ranges (such as internal network addr…

Fix for Unauthorized Access in CourseRefUser Collection State Provider
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves an issue in the implementation of a custom state provider when handling role-based access and filtering in the `CourseRefUser` collection. Specif…

ChurchCRM IDOR Vulnerability Fix: API Permission Bypass
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Type**: Privilege Escalation (IDOR - Insecure Direct Object Reference) - **Affected Component**: ChurchCRM Personal API - **Description**: An atta…

Chamilo LMS Unauthenticated SSRF and Open Email Relay Vulnerability
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Name**: Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action (<=2.0-RC.2) - **Vulnerability Types**: - Server-Side Re…

Authenticated SQL Injection in Chamilo LMS 2.0 RC2 (CVE-2026-30881)
github.com · 2026-04-18

# Vulnerability Summary: Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2) ## Overview - **Vulnerability Type**: Authenticated SQL Injection - **Vulnerable File**: `publ…

Chamilo LMS PENS Plugin Unauthenticated SSRF Vulnerability (CVE-2026-34160)
github.com · 2026-04-18

# Vulnerability Summary: Chamilo LMS PENS Plugin SSRF Vulnerability ## Overview The PENS (Package Exchange Notification Services) plugin in Chamilo LMS version 2.x contains an unauthenticated Server-S…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.