
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Kyverno ConfigMap Cross-Namespace Unauthorized Access Fix
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves an access control issue for `configmap` in the Kyverno project. Specifically, access to `configmap` is restricted to only allow policies within t…

Kyverno apiCall SSRF Leading to ServiceAccount Token Leakage
github.com · 2026-04-24

# Kyverno ServiceAccount Token Leak Vulnerability Summary ## Vulnerability Overview Kyverno’s `apiCall` feature automatically attaches the admission controller’s ServiceAccount (SA) token to outbound …

Fix XSS in Markdown rendering via DOMPurify sanitization
github.com · 2026-04-24

### Vulnerability Overview This commit in a GitHub repository fixes the Markdown rendering functionality. The specific issue is: when rendering Markdown…

Kyverno ForEach patchesJson6902 nil panic causing CrashLoopBackOff fix
github.com · 2026-04-24

### Vulnerability Overview In the `kyverno` project, when the `patchesJson6902` field of `ForEach` contains a variable that resolves to `nil`, the mutation handler crashes and causes the background co…

basic-ftp CVE-2025-4124 Remote DoS via Unbounded Memory Consumption with PoC
github.com · 2026-04-24

# basic-ftp Remote Denial of Service Vulnerability Summary ## Vulnerability Overview * **Vulnerability ID**: GHSA-r42J-5vxx-gqwr * **CVE ID**: CVE-2025-4124 * **Severity**: High (7.5 / 10) * **Vulnera…

Stored DOM XSS in anything-llm Chartable Component (CVE-2024-4318)
github.com · 2026-04-24

# Vulnerability Summary: Stored DOM XSS in Chart Caption Renderer ## Overview A stored DOM XSS vulnerability was discovered in the chart renderer of `anything-llm`. The vulnerability stems from LLM-dr…

Kyverno CVE-2026-22039: RBAC Bypass via configMap Context Loader with POC
github.com · 2026-04-24

# Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039) Incomplete Fix ## Vulnerability Overview Kyverno’s `apiCall` context loader fixed the cross-namespace privilege escalation vulnerability…

MailKit CVE-2024-4739 STARTTLS Response Injection Enables SASL Mechanism Downgrade
github.com · 2026-04-24

### Vulnerability Overview **Vulnerability Name**: STARTTLS Response Injection via unflushed stream buffer enables SASL mechanism downgrade **Vulnerability Description**: - **Vulnerability Type**: Man…

Kyverno Controller DoS via ForEach Type Assertion Panic in patchesJson6902
github.com · 2026-04-24

# Kyverno Controller Denial of Service Vulnerability Summary ## Vulnerability Overview The Kyverno controller contains an unchecked type assertion vulnerability located in the `ForEach` mutation handl…
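The two Kyverno ForEach entries above (the nil-resolving `patchesJson6902` variable, and the unchecked type assertion in the same handler) describe one bug class: a Go interface value that is nil or of an unexpected dynamic type is asserted to `string` without the comma-ok form, so the goroutine panics and the controller pod restarts. The block below is an added illustration, not Kyverno's code: the `Patch` type, the `substituteVars` stand-in for variable resolution, and the variable names are assumptions. It shows the crashing pattern next to the hardened one that returns an error for the offending element instead of taking the controller down.

```go
package main

import "fmt"

// Patch mirrors one JSON 6902 operation after variable substitution.
// The field set is an assumption for this example, not Kyverno's own type.
type Patch struct {
	Op    string
	Path  string
	Value interface{}
}

// substituteVars is a stand-in for variable resolution (assumed helper).
// A name with no binding resolves to nil, the failure mode described above.
func substituteVars(name string, bindings map[string]interface{}) interface{} {
	if v, ok := bindings[name]; ok {
		return v
	}
	return nil
}

// renderUnchecked reproduces the bug class: the resolved value is asserted to
// string without checking. A nil interface, or a value of another dynamic
// type, panics with "interface conversion" and crashes the caller.
func renderUnchecked(name string, bindings map[string]interface{}) string {
	v := substituteVars(name, bindings)
	return v.(string)
}

// renderChecked is the hardened form: comma-ok assertion, and the bad
// element is reported as an error rather than as a panic.
func renderChecked(name string, bindings map[string]interface{}) (string, error) {
	v := substituteVars(name, bindings)
	s, ok := v.(string)
	if !ok {
		return "", fmt.Errorf("patchesJson6902: variable %q resolved to %T, want string", name, v)
	}
	return s, nil
}

// applyForEach runs the checked renderer over every element of a foreach
// block and stops at the first unresolvable variable with an error.
func applyForEach(elements []string, bindings map[string]interface{}) ([]string, error) {
	out := make([]string, 0, len(elements))
	for _, e := range elements {
		s, err := renderChecked(e, bindings)
		if err != nil {
			return nil, err
		}
		out = append(out, s)
	}
	return out, nil
}

// didPanic reports whether f panicked, so the crash can be shown without
// killing the process (a real controller has no such recover around it).
func didPanic(f func()) (panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	f()
	return false
}

func main() {
	// Constructed bindings: one string, one value of the wrong type.
	bindings := map[string]interface{}{
		"request.object.metadata.name": "demo",
		"element.replicas":             3,
	}
	fmt.Println("unchecked, unbound variable panics:",
		didPanic(func() { renderUnchecked("element.missing", bindings) }))
	fmt.Println("unchecked, wrong type panics:",
		didPanic(func() { renderUnchecked("element.replicas", bindings) }))
	_, err := applyForEach([]string{"request.object.metadata.name", "element.missing"}, bindings)
	fmt.Println("checked returns error instead:", err)
}
```

The controller-level consequence is the point: a panic in one admission or background reconcile kills the whole process, so a single policy with a bad variable reference becomes a denial of service for every policy the controller serves. Returning an error per element keeps the failure scoped to that policy.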

roxy-wi server_ip Input Validation Bypass Vulnerability Analysis
github.com · 2026-04-24

# Vulnerability Summary ## Overview This vulnerability involves the `roxy-wi` project, where insufficient validation of the `server_ip` parameter allows an attacker to bypass verification by crafting …

PostCSS <8.5.10 Unescaped </style> Leading to XSS
github.com · 2026-04-24

# PostCSS XSS Vulnerability Summary ## Vulnerability Overview Versions of PostCSS prior to 8.5.10 do not escape the `</style>` sequence when stringifying CSS AST. When user-submitted CSS is parsed and re-stri…

Frappe Press API Key Generation Logic Flaw Fix
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves the `press/api/account.py` file in the `frappe/press` project. The specific issue is a logic error in the `create_api_secret` function when handl…

Ossn Image Upload CWE-400 Uncontrolled Resource Consumption Vulnerability and Fix
github.com · 2026-04-24

# Vulnerability Summary ## Overview - **Vulnerability Type**: CWE-400 (Uncontrolled Resource Consumption) - **Description**: When uploading images, there is no restriction on image width and height, w…

FreeRDP Path Traversal Vulnerability in contains_dotdot()
github.com · 2026-04-24

# FreeRDP `contains_dotdot()` Path Traversal Vulnerability Summary ## Vulnerability Overview In the file `channels/drive/client/drive_file.c` of FreeRDP, the `contains_dotdot()` function has an off-by…

Roxy-WI Authenticated RCE via OS Command Injection (CVE-2020-33208) with POC
github.com · 2026-04-24

### Vulnerability Overview **Vulnerability Name**: Authenticated Remote Code Execution via OS Command Injection in find-in-config Endpoint **Vulnerability Description**: In the `/config//find-in-confi…

Actual Sync Server Privilege Escalation via change-password Endpoint (Pre-Auth/IDOR)
github.com · 2026-04-24

# Vulnerability Summary: Privilege Escalation on 'change-password' Endpoint of OpenID-Migrated Servers ## Vulnerability Overview On servers migrated from password authentication to OpenID Connect, any…

OP-TEE OS PKCS#11 TA Out-of-bounds Read and Memory Disclosure (CVE-2026-3317)
github.com · 2026-04-24

# PKCS#11 TA Out-of-Bounds Read and Memory Disclosure Vulnerability Summary ## Vulnerability Overview **CVE-2026-3317** * **Severity**: High (8.7/10) * **Affected Versions**: OP-TEE OS >= 3.13.0 * **F…

roxy-wi haproxy_section_save SQL Injection Vulnerability Analysis
github.com · 2026-04-24

# SQL Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: SQL injection vulnerability exists in the `haproxy_section_save` endpoint * **Vulnerability Source**: Unfilter…

Kirby CMS CVE-2024-40099: pages:create Bypasses changeStatus via isDraft
github.com · 2026-04-24

# Vulnerability Overview **Vulnerability Title**: Page creation API bypasses `changeStatus` permission check via unfiltered `isDraft` parameter **CVE ID**: CVE-2024-40099 **CVSS Score**: 5.3 / 10 (Mod…

Kirby CMS Vulnerability Advisory: SSTI, Privilege Escalation, XML Injection (CVE-2026-34587)
github.com · 2026-04-24

### Vulnerability Overview 1. **Server-Side Template Injection (SSTI) via Double Template Parsing in Option Rendering** - **Description**: This vulnerability affects Kirby sites that use option fields…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
