
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Firebird 4.0.7 Release: zlib Update to 1.3.2 and Integrity Trigger Fixes
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: Specific vulnerability name not explicitly mentioned, but involves multiple improvements and fixes. - **Vulnerability Description**: - Added API me…

free5gc UDR Path Validation Flaw Allows Unauthenticated Traffic Subscription Modification
github.com · 2026-04-18

# Improper Path Validation in UDR Leads to Unauthorized Creation and Modification of Traffic Influence Subscriptions ## Vulnerability Overview In the 5G core network UDR service, there is a path valid…

free5gc UDR Unauthorized Information Disclosure (SUPI Leakage)
github.com · 2026-04-18

# UDR nudr-dr influenceData/subs-to-notify SUPI Leakage Vulnerability Summary ## Vulnerability Overview In the 5G core network UDR service, there exists an unauthorized information disclosure vulnerab…

SecureDrop Client Gzip Path Traversal Vulnerability Fix
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: Path Traversal Vulnerability (Path Traversal) - **Vulnerability Description**: In `gzip` files, a maliciously crafted `gzip` file header filename c…

Maddy LDAP Injection (CVE-2024-20193) and Attribute Extraction PoC
github.com · 2026-04-18

# LDAP Filter Injection via Unsanitized Username (CVE-2024-20193) ## Vulnerability Overview * **Vulnerability Type**: LDAP Injection (CWE-90) * **Severity**: High (8.2/10) * **Affected Component**: `g…

mcp-server-kubernetes port_forward Parameter Injection Vulnerability
github.com · 2026-04-18

# Vulnerability Summary: Argument Injection Vulnerability in the `port_forward` Tool ## Overview In the `port_forward` tool of `mcp-server-kubernetes`, there is an argument injection vulnerability. Th…

Firebird SQL External Routine Path Traversal Leading to RCE
github.com · 2026-04-18

# Firebird SQL External Routine Declaration Path Traversal Vulnerability Summary ## Vulnerability Overview When a user declares an external routine using `CREATE FUNCTION ... ENGINE ""`, Firebird appe…

pay-uz Payment Middleware Configuration Flaw Analysis
github.com · 2026-04-18

### Vulnerability Overview The webpage screenshot shows a code file `web.php` in a GitHub repository named `pay-uz`. The file contains a potential security vulnerability, specifically manifested as po…

free5GC UDR Improper Path Validation Allows Unauthorized Deletion of Subscriptions (CVE-2025-40246)
github.com · 2026-04-18

# Improper Path Validation in UDR Leads to Unauthorized Deletion of Traffic Influence Subscriptions ## Vulnerability Overview In the UDR service, there is a path validation vulnerability. An attacker …

FirebirdSQL CVE-2020-33337 Buffer Overflow in Slice Packet Parsing
github.com · 2026-04-18

# Vulnerability Overview **Title**: Buffer overflow on parsing corrupted slice packet **CVE ID**: CVE-2020-33337 **CVSS v3 Score**: 7.5 / 10 (High) **Reporter**: dyemanov **Published Time**: 17 hours …

5G UDR Improper Path Validation Leading to Unauthorized Access (CVE-2025-40247)
github.com · 2026-04-18

# Improper Path Validation in UDR Leads to Unauthorized Access to Traffic Influence Subscriptions ## Vulnerability Overview There is a path validation vulnerability in the UDR service. An attacker can…

OpenHarness Path Traversal and SSRF Vulnerability Fix Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview This commit fixes vulnerabilities related to Path Traversal and Web Guards in the OpenHarness project. The main issue lies in insufficient permission …

Paket Compiler manifest package name validation bypass
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves improper handling of invalid package names when parsing `manifest` files. Specifically, when an invalid package name is present in the `manifest`…

Valtimo Cloud: Sensitive Data Logging & Null Safety Fixes
github.com · 2026-04-18

### Vulnerability Overview - **Title**: Inbox & SSE event mapper: sensitive data logging, silent exceptions, and null safety issues #653 - **Status**: Closed - **Tags**: Bug, Commuter, Security - **Af…

OpenHARNESS Gateway Remote Admin Command Unauthorized Access Fix
github.com · 2026-04-18

# Vulnerability Summary ## Overview This submission fixes a security issue related to slash commands in the Gateway component of the OpenHARNESS project. It primarily involves strengthening access con…

GeoNode Remote Document Upload Thumbnail Generation Vulnerability Fix
github.com · 2026-04-18

# GeoNode Remote Document Upload Thumbnail Generation Vulnerability ## Vulnerability Overview When uploading remote documents, GeoNode attempts to process thumbnail files generated from remote URLs lo…

free5GC UDR CVE-2025-0249 Policy Data Subscription Handling Flaw
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut - **Vulnerability Description**: In the free5GC UDR service, the `/nudr/dr/v2/pol…

pay-uz ApiController.php File Upload RCE Vulnerability Analysis
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves the file upload functionality in the `ApiController.php` file. An attacker can craft specific requests to upload malicious files to the server, p…

GeoNode Remote Document Upload SSRF Vulnerability and Fix
github.com · 2026-04-18

# GeoNode Remote Document Upload Thumbnail Generation Vulnerability ## Vulnerability Overview When uploading remote documents, GeoNode attempts to generate thumbnails for them. An attacker can craft a…

SecureDrop Client Path Injection Vulnerability (CVE-2026-35485) Analysis and Fix
github.com · 2026-04-18

# Vulnerability Summary: SecureDrop Client Path Injection Vulnerability ## Overview - **Vulnerability Name**: SecureDrop Client `read_gzip_header_filename()` Path Injection - **CVE ID**: CVE-2026-3548…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
