
Security Intel Hub 23488+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

OpenHarness Path Traversal and SSRF Vulnerability Fix Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview This commit fixes vulnerabilities related to Path Traversal and Web Guards in the OpenHarness project. The main issue lies in insufficient permission …

Paket Compiler manifest package name validation bypass
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves improper handling of invalid package names when parsing `manifest` files. Specifically, when an invalid package name is present in the `manifest`…

Valtimo Cloud: Sensitive Data Logging & Null Safety Fixes
github.com · 2026-04-18

### Vulnerability Overview - **Title**: Inbox & SSE event mapper: sensitive data logging, silent exceptions, and null safety issues #653 - **Status**: Closed - **Tags**: Bug, Commuter, Security - **Af…

OpenHARNESS Gateway Remote Admin Command Unauthorized Access Fix
github.com · 2026-04-18

# Vulnerability Summary ## Overview This submission fixes a security issue related to slash commands in the Gateway component of the OpenHARNESS project. It primarily involves strengthening access con…

GeoNode Remote Document Upload Thumbnail Generation Vulnerability Fix
github.com · 2026-04-18

# GeoNode Remote Document Upload Thumbnail Generation Vulnerability ## Vulnerability Overview When uploading remote documents, GeoNode attempts to process thumbnail files generated from remote URLs lo…

free5GC UDR CVE-2025-0249 Policy Data Subscription Handling Flaw
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut - **Vulnerability Description**: In the free5GC UDR service, the `/nudr/dr/v2/pol…

pay-uz ApiController.php File Upload RCE Vulnerability Analysis
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves the file upload functionality in the `ApiController.php` file. An attacker can craft specific requests to upload malicious files to the server, p…

GeoNode Remote Document Upload SSRF Vulnerability and Fix
github.com · 2026-04-18

# GeoNode Remote Document Upload Thumbnail Generation Vulnerability ## Vulnerability Overview When uploading remote documents, GeoNode attempts to generate thumbnails for them. An attacker can craft a…

SecureDrop Client Path Injection Vulnerability (CVE-2026-35485) Analysis and Fix
github.com · 2026-04-18

# Vulnerability Summary: SecureDrop Client Path Injection Vulnerability ## Overview - **Vulnerability Name**: SecureDrop Client `read_gzip_header_filename()` Path Injection - **CVE ID**: CVE-2026-3548…

Postiz-app Unauthenticated File Upload Leading to Stored XSS (CVE-2026-40487)
github.com · 2026-04-18

# Vulnerability Summary: Unauthorized File Upload in Postiz-app Leads to Stored XSS ## Overview **CVE-2026-40487** **Severity**: 8.9/10 (High) **Release Date**: April 2024 **Affected Versions**: = v2.…

libgphoto2 CVE-2024-40339 OOB Read in PTP Sony DPD Parsing
github.com · 2026-04-18

# Vulnerability Overview - **Vulnerability Name**: OOB read in `ptp_unpack_Sony_DPD()` FormFlag parsing in `ptp-pack.c` - **CVE ID**: CVE-2024-40339 - **Severity**: Moderate (5.2 / 10) - **CVSS Vector…

libptp2 Buffer Overflow Vulnerability (CVE-2026-40333) and Patch Details
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Buffer Overflow - **Vulnerability Description**: The functions `ptp_unpack_EOS_ImageFormat()` and `ptp_unpack_EOS_CustomFunc…

Git for Windows CVE-2026-32631 NTLM Hash Leakage via Malicious Repos
github.com · 2026-04-18

# Git for Windows Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers - **CVE ID**: CVE-2026-3…

libgphoto2 ptp_unpack_Sony_DPD() Memory Leak Vulnerability Analysis
github.com · 2026-04-18

# Vulnerability Summary: ptp_unpack_Sony_DPD() Memory Leak ## Overview In the file `ptp-pack.c` of `libgphoto2`, the function `ptp_unpack_Sony_DPD()` contains a memory leak vulnerability. This issue o…

libgphoto2 CVE-2020-49341 OOB Read Fix in ptp_unpack_EOS_FocusInfoEx
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Type**: OOB Read Error (OOB read) - **Vulnerability Description**: In the `ptp_unpack_EOS_FocusInfoEx` function, the data size is not checked before use, w…

libgphoto2 CVE-2024-40333 OOB Read Vulnerability Analysis and Fix
github.com · 2026-04-18

# Vulnerability Summary: libgphoto2 OOB Read Vulnerability ## Overview In the file `ptp-pack.c`, the functions `ptp_unpack_EOS_ImageFormat()` and `ptp_unpack_EOS_CustomFuncEx()` accept a data pointe…

GHSA-526v-vm72-4vd4: Sail XWD Parser Invalid BPP Handling Vulnerability
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Type**: Improper handling of invalid bpp (bits per pixel) - **Vulnerability ID**: GHSA-526v-vm72-4vd4 - **Affected Components**: `src/sail-codecs/…

gramps-webapi Zip Slip Path Traversal Fix in media_importer
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves the `check_disk_space_and_extract` method in the `media_importer.py` file of the `gramps-webapi` project. The method fails to properly validate f…

libgphoto2 CVE-2020-40338 OOB Read in Sony PTP DPD Enumeration Parsing
github.com · 2026-04-18

# Vulnerability Summary: Out-of-Bounds Read in Enumeration Count Parsing of ptp_unpack_Sony_DPD() ## Vulnerability Overview - **Vulnerability Type**: Out-of-Bounds Read (OOB read) - **Affected Functio…

libgphoto2 CVE-2024-40340 OOB Read Vulnerability Analysis
github.com · 2026-04-18

# Vulnerability Summary: Out-of-Bounds Read Vulnerability in ptp_unpack_OI() ## Overview - **Vulnerability Type**: Out-of-Bounds Read (OOB read) - **Location**: `ptp-pack.c` file, function `ptp_unpa…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
