Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

SQL Injection in Computer and Mobile Repair Shop Management System v1.0 with POC
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: SQL Injection 3 - **Vulnerability Description**: A SQL injection vulnerability was discovered in `Computer and Mobile Repair Shop Management System…

ImageMagick 7.1.2-19 Security Release
github.com · 2026-04-18

# ImageMagick 7.1.2-19 Version Released ## Vulnerability Overview ImageMagick has released version 7.1.2-19, which includes security fixes. ## Impact Scope All users of ImageMagick 7.1.2 and earlier v…

Jellyfin LiveTV M3U Tuner SSRF and Arbitrary File Read Vulnerability (CVE-2026-35032)
github.com · 2026-04-18

# Jellyfin Potential SSRF + Arbitrary File Read Vulnerability (LiveTV M3U Tuner) ## Vulnerability Overview The LiveTV M3U tuner endpoint of Jellyfin (`POST /LiveTv/Tuners/IsAllowed`) does not validate…

CVE-2025-2332: Eclipse Jetty HTTP Request Smuggling via Chunked Extension Parsing
github.com · 2026-04-18

# HTTP Request Smuggling Vulnerability: Parsing of Quoted String Extension with Chunked Encoding ## Vulnerability Overview Eclipse Jetty incorrectly treats `\r\n` as the terminator of a quoted string …

CVE-2020-4014: jq Hash Collision DoS Vulnerability and Fix
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: CVE-2020-4014 - **Vulnerability Type**: Hash Collision Denial of Service Attacks (Hash Collision DoS Attacks) - **Description**: The hash function …

Jellyfin SSRF Arbitrary File Read via ffmpeg Injection (CVE-2026-9333)
github.com · 2026-04-18

# Vulnerability Summary: Jellyfin SSRF + Arbitrary File Read ## Overview Jellyfin has an unauthenticated remote arbitrary file read vulnerability (SSRF), achieved via `ffmpeg` parameter injection. An …

jq JSON Parser NUL Truncation Vulnerability (CVE-2026-33948) Fix and POC
github.com · 2026-04-18

### Vulnerability Overview - **CVE ID**: CVE-2026-33948 - **Description**: Fixed a NUL truncation issue in the JSON parser. - **Submitter**: itchyny - **Submission Time**: 5 days ago ### Impact Scope …

Plex/Jellyfin SSRF Vulnerability Fix and Protection Configuration Guide
github.com · 2026-04-18

# Vulnerability Summary ## Overview This commit fixes a **Server-Side Request Forgery (SSRF)** vulnerability. * **Affected Components**: Plex server and Jellyfin server. * **Vulnerability Principle**:…

libjv CVE-2026-32316 Heap Buffer Overflow Fix
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Type**: Heap Buffer Overflow - **Vulnerability Location**: Functions `jvp_string_append` and `jvp_string_copy_replace_bad` - **Vulnerability Description**:…

Keras TFSMLayer Arbitrary Code Execution via Unsafe Deserialization
github.com · 2026-04-18

# Keras TFSMLayer Deserialization Vulnerability Summary ## Vulnerability Overview Keras's `TFSMLayer` has a security vulnerability when deserializing external `SavedModel`s. An attacker can create mal…

WordPress My Calendar Plugin Unauthenticated IDOR and DoS Vulnerability Analysis
github.com · 2026-04-18

# Vulnerability Summary: My Calendar Plugin Unauthorized Information Disclosure (IDOR) and Denial of Service (DoS) ## Vulnerability Overview In the WordPress plugin **My Calendar**, there exists an un…

jq CVE-2020-32947 Stack Overflow Vulnerability and Fix
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Name**: Path Depth Limit to Prevent Stack Overflow - **CVE ID**: CVE-2020-32947 - **Description**: Deeply nested path arrays may cause infinite re…

jq libjq jv_parse_sized() Out-of-Bounds Read Vulnerability (CVE-2025-39979) with POC
github.com · 2026-04-18

# Vulnerability Summary: Out-of-Bounds Read Vulnerability in `jv_parse_sized()` of jq Library ## Vulnerability Overview - **CVE ID**: CVE-2025-39979 - **Severity**: Moderate - **Vulnerability Type**: …

jq CVE-2026-33947: Infinite Recursion DoS via Deep Path Arrays
github.com · 2026-04-18

# Vulnerability Summary: Infinite Recursion in jv_setpath() / jv_getpath() / delpaths_sorted() ## Vulnerability Overview There is an infinite recursion vulnerability in the functions `jv_setpath()`, `…

jq CVE-2026-3316 Integer Overflow Leading to Heap Buffer Overflow
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Name**: Integer overflow in `jvp_string_append` and `jvp_string_copy_replace_bad` allows heap buffer overflow - **CVE ID**: CVE-2026-3316 - **GHSA…

jq Hash Collision DoS Vulnerability Analysis and POC
github.com · 2026-04-18

# jq Algorithm Complexity DoS Vulnerability Summary ## Vulnerability Overview When processing hash table operations on JSON objects, jq uses a hardcoded MurmurHash3 seed (`0x432A9883`). Since the seed…

jq CLI Embedded-NUL Truncation Bypasses Validation (CVE-2025-3948)
github.com · 2026-04-18

# Embedded-NUL Truncation in jq CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input ## Vulnerability Overview In the `jq` CLI tool, when parsing JSON using a file path (`fgets`) inste…

jq CVE-2026-39556: _strindices Missing Type Check Causes Crash and Memory Leak
github.com · 2026-04-18

# jq `_strindices` Lacks Runtime Type Checking Leading to Crash and Limited Memory Leak ## Vulnerability Overview `_strindices` is the C implementation of the `indices` / `index` / `rindex` functions …

Kimai Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget
github.com · 2026-04-18

# Vulnerability Summary: Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget ## Vulnerability Overview - **Vulnerability Type**: Stored Cross-Site Scripting (Stored XSS) - **Root C…

CVE-2026-40486: BOPA allows standard users to modify restricted financial attributes
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate - **Vulnerability Typ…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
