Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

libsixel Use-After-Free in load_gif() Analysis
github.com · 2026-04-18

# Vulnerability Summary: Use-After-Free in load_gif() ## Overview In the `load_gif()` function, the libsixel library has a Use-After-Free vulnerability when processing animated GIFs. This function reu…

Escargot Serialization Vulnerability Fixes (CVE-2026-25205/25206/25207)
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability ID**: #1554 - **Vulnerability Description**: Fixed several minor issues related to serialization, including: - Introduced a local lambda function in `Shell…

libsixel integer overflow in write_png_to_file leading to heap overflow
github.com · 2026-04-18

### Vulnerability Overview **Title**: `integer overflow in write_png_to_file() lead to heap overflow` **Description**: - **Issue**: `sixel_frame_convert_to_rgb888()` uses `int` arithmetic for allocati…

Remote Code Execution via Shell Injection in qmail-remote TLS Error Handler
github.com · 2026-04-18

# Vulnerability Overview - **Vulnerability Name**: Remote Code Execution via Shell Injection in qmail-remote TLS Error Handler - **Vulnerability ID**: #42 - **Vulnerability Type**: Remote Code Executi…

SQL Injection in Online Employees Work From Home Attendance System v1.0 with POC
github.com · 2026-04-18

# Online Employees Work From Home Attendance System v1.0 SQL Injection Vulnerability ## Vulnerability Overview - **Vulnerability Name**: Online Employees Work From Home Attendance System v1.0 SQL Inje…

Patient Appointment Scheduler System v1.0 Arbitrary File Upload Leading to RCE
github.com · 2026-04-18

# Patient Appointment Scheduler System v1.0 Arbitrary File Upload Leads to Remote Code Execution (RCE) ## Vulnerability Overview * **Vulnerability Name**: Patient Appointment Scheduler System v1.0 Arb…

Storage Unit Rental Management System v1.0 SQL Injection Vulnerability and POC
github.com · 2026-04-18

# Storage Unit Rental Management System v1.0 SQL Injection Vulnerability ## Vulnerability Overview - **Vulnerability Type**: SQL Injection - **Vulnerability ID**: CVE-2024-XXXX (inferred from screensh…

SQL Injection in Storage Unit Rental Management System v1.0 with POC
github.com · 2026-04-18

# Storage Unit Rental Management System v1.0 SQL Injection Vulnerability ## Vulnerability Overview * **Vulnerability Type**: SQL Injection * **Affected System**: Storage Unit Rental Management System …

SQL Injection in Patient Appointment Scheduler System v1.0 with POC
github.com · 2026-04-18

# Patient Appointment Scheduler System v1.0 SQL Injection Vulnerability ## Vulnerability Overview - **Vulnerability Type**: SQL Injection - **Affected System**: Patient Appointment Scheduler System v1…

CraftQL Plugin SSRF Vulnerability Analysis (Craft CMS)
github.com · 2026-04-18

# CraftQL SSRF Vulnerability Summary ## Vulnerability Overview CraftQL is a GraphQL plugin for Craft CMS. This plugin contains a **Server-Side Request Forgery (SSRF)** vulnerability when processing re…

Patient Appointment Scheduler System v1.0 SQL Injection Vulnerability with POC
github.com · 2026-04-18

# Patient Appointment Scheduler System v1.0 SQL Injection Vulnerability ## Vulnerability Overview - **Vulnerability Type**: SQL Injection - **Affected Version**: Patient Appointment Scheduler System v…

SQL Injection in Storage Unit Rental Management System v1.0 with POC
github.com · 2026-04-18

# Storage Unit Rental Management System v1.0 SQL Injection Vulnerability ## Vulnerability Overview * **Vulnerability Type**: SQL Injection * **Vulnerable File**: `/storage/admin/tenants/view_details.p…

simple-git unsafe plugin command injection via -u switch
github.com · 2026-04-18

# Simple Git Unsafe Plugin Vulnerability Summary ## Vulnerability Overview The `unsafe` plugin in the Simple Git library contains a security vulnerability that allows attackers to bypass security rest…

Storage Unit Rental Management System v1.0 SQL Injection Vulnerability (CVE-2024-70624e)
github.com · 2026-04-18

# Storage Unit Rental Management System v1.0 SQL Injection Vulnerability ## Vulnerability Overview - **Vulnerability Type**: SQL Injection - **Vulnerability ID**: CVE-2024-70624e - **Author**: Liu Lan…

CVE-2026-38526: Krayin CRM Unrestricted File Upload Leading to RCE
github.com · 2026-04-18

# CVE-2026-38526 Vulnerability Summary ## Overview * **CVE ID**: CVE-2026-38526 * **Vulnerability Type**: Unrestricted File Upload leading to Remote Code Execution (CWE-434) * **Affected Product**: Kr…

CVE-2025-65132 Reflected XSS in hotel-management-php
github.com · 2026-04-18

# CVE-2025-65132 Vulnerability Summary ## Overview * **Vulnerability Type**: Reflected Cross-Site Scripting (Reflected XSS) * **CVE ID**: CVE-2025-65132 * **Affected Product**: hotel-management-php (v…

CVE-2026-38529: Krayin CRM BOLA Vulnerability Analysis
github.com · 2026-04-18

# CVE-2026-38529 Vulnerability Summary ## Overview * **Vulnerability Name**: Krayin CRM Broken Object-Level Authorization (BOLA) Vulnerability * **CVE ID**: CVE-2026-38529 * **Vulnerability Type**: Br…

Basic Library System v1.0 SQL Injection Vulnerability with POC
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Name**: Basic Library System v1.0 SQL Injection 2 - **Vulnerability Type**: SQL Injection - **Vulnerability Author**: Zhang Qi - **Vulnerable File…

CVE-2025-65136: Reflected XSS in School Management System via Textarea Breakout
github.com · 2026-04-18

# CVE-2025-65136 Vulnerability Summary ## Overview * **Vulnerability Type**: Reflected Cross-Site Scripting (Reflected XSS) – Textarea Breakout (CWE-79) * **Description**: In the School Management Sys…

Unauth Info Disclosure in React MERN Hotel Booking System /api/health/detailed Endpoint
github.com · 2026-04-18

### Vulnerability Overview **Vulnerability Name**: Sensitive Information Disclosure **Affected Software**: Hotel Booking Management System (React MERN FullStack) **Vulnerable Component**: Backend API …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
