Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

libcoap coap_new_cache_entry Logic Flaw and Fix Analysis
github.com · 2026-04-18

Vulnerability Summary. In the `libcoap` library, the `coap_new_cache_entry()` function has a logic flaw: when this function is called with the `COAP_CACHE_RECORD_PDU` flag, it does not pr…

opencryptoki BER Decoding Out-of-Bounds Access Vulnerability Fix
github.com · 2026-04-18

Vulnerability Overview. A potential out-of-bounds access vulnerability has been discovered in the `opencryptoki` project. The vulnerability occurs during the decoding of BER-encoded data, specifica…

OAuth2 Proxy Multiple Critical Vulnerabilities: Auth Bypass via Health Check, X-Forwarded-Uri, and Email Validation (CVE
github.com · 2026-04-18

Vulnerability Overview. Multiple critical security vulnerabilities have been discovered in OAuth2 Proxy, including: (1) Health Check User-Agent Authentication Bypass; (2) Authentication Bypass v…

NocoBase SSRF Vulnerability (CVE-2025-40346) Analysis and Fix
github.com · 2026-04-18

SSRF in Workflow HTTP Request and Custom Request Plugins (CWE-918). The Workflow HTTP Request plugin and Custom Request Action plugin of NocoBase allow the server to initiat…

CVE-2026-25125: Environment Variable Exfiltration via INI Parser Interpolation in October CMS
github.com · 2026-04-18

Vulnerability Overview. Vulnerability Name: Environment Variable Exfiltration via INI Parser Interpolation; CVE ID: CVE-2026-25125; CVSS Score: 4.9 / 10 (Moderate); Affected Softwa…

OAuth2 Proxy Session Cookie Not Cleared on Sign-in Page (CVE-2026-34454)
github.com · 2026-04-18

Vulnerability Summary: Session cookie not cleared when rendering sign-in page. Vulnerability Name: Session cookie not cleared when rendering sign-in page; Vulnerability ID: GHS…

NocoBase plugin-workflow-javascript JavaScript VM Sandbox Escape (CVE Draft)
github.com · 2026-04-18

NocoBase Workflow JavaScript Sandbox Escape (CVE Draft). The `plugin-workflow-javascript` plugin of NocoBase contains a JavaScript VM sandbox escape vulnerability. Vulne…

Prometheus UI Stored XSS Vulnerability Fix Analysis
github.com · 2026-04-18

Vulnerability Overview. This vulnerability involves stored cross-site scripting (XSS) attacks, achieved through unescaped data names and labels. Attackers can exploit this vulnerability to execute …

OpenRemote Rule Engine Expression Injection Vulnerability Analysis
github.com · 2026-04-18

OpenRemote Expression Injection Vulnerability Summary. The rule engine of the OpenRemote IoT platform contains two interrelated critical expression injection vulnerabilities…

CVE-2026-34457: OAuth2 Proxy auth_request Authentication Bypass via User-Agent
github.com · 2026-04-18

Vulnerability Overview. Title: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode; CVE ID: CVE-2026-34457; CVSS Score: 9.1 / 10 (Critical); Reporter: tuunit OA…

Python CPython Remote Debugging Offset Table Validation Fix
github.com · 2026-04-18

Vulnerability Overview. This vulnerability involves the remote debug offset tables in the Python CPython project, which do not perform strict validation when processing data from the target process…

WordPress Plugin ajax.php Unauthenticated File Upload and Injection Vulnerability Analysis
github.com · 2026-04-18

Vulnerability Overview. The webpage screenshot shows a file named `ajax.php`, which contains multiple functions for handling image uploads, deletions, and article submissions. These functions have …

CVE-2026-30480: LibreNMS NFSen Module Local File Inclusion (LFI) Vulnerability
github.com · 2026-04-18

CVE-2026-30480: LibreNMS Local File Inclusion (LFI) Vulnerability Summary. Vulnerability Type: Local File Inclusion (LFI) / Path Traversal; Affected Component: Li…

Pillow FitsZipDecoder Resource Consumption Fix Analysis
github.com · 2026-04-18

Vulnerability Summary. In the `FitsImagePlugin.py` file of the `Pillow` library, there is a potential security issue in the `decode` method of the `FitsZipDecoder` class. When processing …

Leaflet bindPopup() XSS Vulnerability (CVE-2025-69993) Analysis and Fix
github.com · 2026-04-18

Vulnerability Summary: Leaflet bindPopup() XSS Vulnerability (CVE-2025-69993). The Leaflet library contains a Cross-Site Scripting (XSS) vulnerability in the `bindPopup()` m…

py-pdf XMP Quadratic Entity Expansion DoS Vulnerability Fix
github.com · 2026-04-18

Vulnerability Overview. This vulnerability involves high memory usage that may be triggered when parsing XMP metadata, due to bypassing the default limits of the `libexpat` library. Specifically, i…

OpenProject 2FA OTP Rate Limiting Bypass (CWE-307) Analysis
github.com · 2026-04-18

Vulnerability Overview. Vulnerability Name: Missing Rate Limiting for 2FA OTP Verification (CWE-307). Description: the 2FA OTP verification (`confirm_otp_action`) lacks rate limiting, lock…

Pillow GZIP Decompression Bomb Fix (#9521) - DoS Prevention
github.com · 2026-04-18

Vulnerability Summary. Vulnerability Name: Pillow GZIP Decompression Bomb; Vulnerability ID: #9521; Description: This vulnerability involves reading only the necessary dat…

openCryptoki BER/DER Decoder Memory Safety Vulnerabilities Analysis
github.com · 2026-04-18

Memory safety vulnerabilities in BER/DER decoders in asn1.c. Memory safety vulnerabilities have been discovered in the BER/DER decoding functions of openCryptoki. These vuln…

Python CPython _remote_debugging Remote Debug Offset Table Validation Vulnerability
github.com · 2026-04-18

Python CPython Remote Debug Offset Table Validation Vulnerability (#148178). The `_remote_debugging` module in Python lacks strict validation mechanisms when reading externa…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.