Security Intel Hub 23786+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

SSRF Vulnerability in mcp-data-vis: Analysis, PoC, and Fix
github.com · 2026-04-28

# Server-Side Request Forgery (SSRF) Vulnerability Summary for mcp-data-vis ## Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF) * **CWE ID**: CWE-918 * **Affected Co…

Online Job Portal PHP/PDO v1.0 SQL Injection Vulnerability and POC
thecyberpost.com · 2026-04-28

# SQL Injection Vulnerability in Online Job Portal PHP/PDO 1.0 ## Vulnerability Overview The Online Job Portal PHP/PDO version 1.0 contains a remote SQL injection vulnerability. The `CATEGORY` paramet…

codeastro Online Classroom V1.0 SQL Injection Vulnerability (#801913)
vuldb.com · 2026-04-28

# Vulnerability Summary - **Vulnerability ID**: #801913 - **Vulnerability Title**: codeastro Online Classroom V1.0 SQL Injection - **Vulnerability Type**: SQL Injection - **Submission Time**: 2026/04/…

1000project SQL Injection Vulnerability (CVSS 9.8) with POC and Fix
github.com · 2026-04-28

# CVE Report: 1000project User Block/Unblock SQL Injection #3 ## Vulnerability Overview * **Vulnerability Type**: SQL Injection (SQLi) * **Severity**: Critical (CVSS 3.1: 9.8) * **Affected Product**: …

1000project IDOR and SQLi Vulnerability Analysis
github.com · 2026-04-28

# CVE Report Summary: 1000project IDOR Vulnerability - Password Modification ## Vulnerability Overview * **Vulnerability Type**: IDOR (Insecure Direct Object Reference) * **Severity**: High (CVSS 3.1:…

IDOR Vulnerability in WorkspaceInvitationsController: Analysis and Fix
github.com · 2026-04-28

# Vulnerability Summary: IDOR Vulnerability in WorkspaceInvitationsController ## Vulnerability Overview - **Title**: Security: Cross-Workspace Invitation Deletion IDOR in WorkspaceInvitationsControlle…

vLLM Base Scheduler KV Cache Corruption Vulnerability Analysis
github.com · 2026-04-28

# [Bug]: KV block corruption in base scheduler, Non-deterministic output at temperature=0 without prefix caching #39146 ## Vulnerability Overview In the vLLM project, when using the base scheduler and…

vLLM KV Block Corruption Causing Non-Deterministic Output at Temperature=0
github.com · 2026-04-28

# [Bug]: KV Block Corruption in Base Scheduler, Non-deterministic Output at temperature=0 Without Prefix Caching #39146 ## Vulnerability Overview A KV block corruption bug has been discovered in the b…

vLLM Fix: FullAttention KV Cache Zeroing to Prevent Memory Leak
github.com · 2026-04-28

### Vulnerability Overview This vulnerability involves the improper recycling of KV blocks in the `FullAttention` model. Specifically, there are defects in the implementation and testing of the `needs…

Wooey Missing Authorization in add_or_update_script API Leads to RCE
github.com · 2026-04-28

# [Security] Missing authorization check in add_or_update_script API allows RCE by any authenticated user #408 ## Vulnerability Overview The `add_or_update_script` API endpoint (`/api/scripts/v1/add-o…

diskover-community CVE-2026-38935 Reflected XSS Vulnerability Analysis
github.com · 2026-04-28

# CVE-2026-38935 Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Reflected Cross-Site Scripting (Reflected XSS) - **Affected Component**: `public/view.php` in `diskover-commu…

FuelPHP Blocks.php Unauthenticated File Upload Leading to RCE
github.com · 2026-04-28

### Vulnerability Overview The screenshot of the webpage displays a file named `Blocks.php`, which contains a potential security vulnerability. Specifically, the file has a security flaw in its handli…

Wooey add_or_update_script API Privilege Escalation to RCE Fix
github.com · 2026-04-28

# Vulnerability Summary ## Overview The `add_or_update_script` API in the Wooey project suffers from an authorization flaw. The endpoint only verifies that the user is logged in (`@requires_login`) b…

TOTOLINK A8000RU Router cstecgi.cgi Command Injection Vulnerability with PoC
github.com · 2026-04-28

# Summary of Command Injection Vulnerability in A8000RU ## Vulnerability Overview The TOTOLINK A8000RU router contains a command injection vulnerability. Attackers can inject arbitrary operating syste…

CVE-2026-38934: CSRF Authentication Bypass and Fix
github.com · 2026-04-28

# CVE-2026-38934 Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Authentication bypass due to Cross-Site Request Forgery (CSRF) - **Affected Component**: `public/settings_pro…

TOTOLINK A8000RU cstecgi.cgi Command Injection Vulnerability with PoC
github.com · 2026-04-28

# Summary of Command Injection Vulnerability in A8000RU ## Vulnerability Overview A command injection vulnerability was discovered in the `cstecgi.cgi` component of the TOTOLINK A8000RU router. Attack…

miniaudio audio decoding buffer overflow vulnerability fix analysis
github.com · 2026-04-28

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves memory safety issues in the `miniaudio` library when processing audio files. Specifically, there are potential risks of bu…

Fix authd user login primary group GID incorrectly reset to UID
github.com · 2026-04-28

### Vulnerability Overview This vulnerability involves the incorrect resetting of a user's primary group GID (Group ID) to the user's UID (User ID) during login. This causes the GID set via the `authc…

TOTOLINK A8000RU cstecgi.cgi Command Injection Vulnerability with PoC
github.com · 2026-04-28

# Summary of Command Injection Vulnerability in A8000RU ## Vulnerability Overview A command injection vulnerability was discovered in the `cstecgi.cgi` script of the TOTOLINK A8000RU router. Attackers…

TOTOLINK A8000RU Router cstecgi.cgi Command Injection Vulnerability with PoC
github.com · 2026-04-28

# A8000RU Command Injection Vulnerability Summary ## Vulnerability Overview The TOTOLINK A8000RU router contains a command injection vulnerability. Attackers can inject arbitrary operating system comm…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.