
Security Intel Hub 23504+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Stirling-PDF Reflected XSS Vulnerability (CVE-2026-33436) Analysis and Fix
github.com · 2026-04-18

# Vulnerability Summary: Stirling-PDF Reflected XSS Vulnerability ## Overview - **Vulnerability Name**: Reflected XSS Triggered by Malicious Filename in File Upload Functionality - **Vulnerability Typ…

SiYuan Bazaar README XSS via iframe srcdoc (CVE-2026-40922)
github.com · 2026-04-18

# Vulnerability Summary: CVE-2026-33066 ## Overview **Title**: Incomplete fix for CVE-2026-33066: XSS in github.com/siyuan-note/siyuan **CVE ID**: CVE-2026-40922 **Severity**: Moderate **CWE**: CWE-79…

sigstore timestamp-authority Improper Certificate Validation Bypass (CVE-2020-39984)
github.com · 2026-04-18

# Vulnerability Overview **Title**: Improper Certificate Validation in verifier **Severity**: Moderate (5.5 / 10) **CVE ID**: CVE-2020-39984 **GHSAs**: GHSA-xm5m-wgh2-rrg3 **Release Date**: 3 days ago…

SP1 V6 Recursive Circuit Row Count Binding Integrity Vulnerability
github.com · 2026-04-18

# Security Advisory: SP1 V6 Recursive Circuit Row Count Binding Vulnerability ## Vulnerability Overview A **soundness vulnerability** exists in the SP1 V6 recursive shard verifier, allowing a maliciou…

OpenJPEG Integer Overflow in Encoding Path Leading to Heap Buffer Overflow
github.com · 2026-04-18

# Vulnerability Summary: Integer Overflow in OpenJPEG Leads to Heap Buffer Overflow ## Overview There is an integer overflow vulnerability in the `opj_pi_initialise_encode()` function. The vulnerabili…

Homebox v0.25.0 Authorization Bypass via API for Removed Users (CVE-2026-40196)
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-40196 - **Description**: This vulnerability allows users who have been removed from the default group to still access via API. ### Impact Sc…

CentSDR Thread1 Stack Overflow Vulnerability Analysis
github.com · 2026-04-18

# Potential Thread Stack Overflow Vulnerability (Thread1 #15) ## Vulnerability Overview There is a potential stack overflow risk in the `Thread1` thread function. Although the thread is initially allo…

CVE-2026-38532: Krayin CRM Broken Object-Level Authorization (BOLA) Analysis
github.com · 2026-04-18

# CVE-2026-38532 Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Krayin CRM Broken Object-Level Authorization Vulnerability (BOLA/IDOR) * **CVE ID**: CVE-2026-38532 * **Vulne…

Krayin CRM SSRF Vulnerability (CVE-2026-38527) Analysis and Fix
github.com · 2026-04-18

# CVE-2026-38527 Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Krayin CRM Server-Side Request Forgery (SSRF) * **CVE ID**: CVE-2026-38527 * **CVSS Score**: 8.6 (High) * **A…

Snipe-IT 8.4.0 Improper Authorization Vulnerability (CVE-2026-38533) Analysis and Fix
github.com · 2026-04-18

# CVE-2026-38533 Vulnerability Summary ## Overview * **CVE ID**: CVE-2026-38533 * **Vulnerability Type**: Improper Authorization / Privilege Escalation * **Affected Product**: Snipe-IT (version 8.4.0)…

Valtimo Platform: Fix Sensitive Data Logging and NPE in outbox module
github.com · 2026-04-18

# GH-653: Fixes for Sensitive Data Logging and Other Issues ## Vulnerability Overview This Pull Request fixes issues related to sensitive data logging, Null Pointer Exceptions (NPE), and error message…

Weblate Component File Path Validation Vulnerability Analysis
github.com · 2026-04-18

# Weblate Component File Path Validation Vulnerability Summary ## Vulnerability Overview This vulnerability involves a flaw in the component file path validation mechanism within the Weblate project. …

Varnish HTC_RxInit() NULL Pointer Crash Fix Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Title**: Crash: Missing error handling code in HTC_RxInit(), cache/cache_session.c line 271 #15 - **Status**: Closed - **Reporter**: desdic - **Reported Time**:…

Weblate Asset URL Redirect Validation Bypass Analysis
github.com · 2026-04-18

# Weblate Asset URL Validation Vulnerability Summary ## Vulnerability Overview Weblate has an asset URL validation flaw. The system allows loading assets (such as screenshots) from untrusted sources b…

OpenJPEG CVE-2026-2192 Integer Overflow Vulnerability Analysis
github.com · 2026-04-18

# Vulnerability Summary: OpenJPEG Integer Overflow Vulnerability ## Overview - **Vulnerability ID**: CVE-2026-2192 - **Vulnerability Type**: Integer Overflow - **Affected Function**: `opj_pi_initialis…

OpenViking OpenAPI Unauthenticated RCE Fix Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Unauthorized Remote Code Execution (RCE) - **Vulnerability ID**: #1447 - **Fix Commit**: c7bb167 - **Fix Time**: 2024 - **Af…

Weblate GroupSerializer Privilege Escalation via defining_project Field
github.com · 2026-04-18

# Vulnerability Summary ## Overview This vulnerability involves an access control issue in the Weblate API. Specifically, the `validate()` method of `GroupSerializer` fails to properly prevent non-sup…

Valtimo Fix: Sensitive Data in Logs & NPE in Event Mappers
github.com · 2026-04-18

# Vulnerability Summary ## Overview This commit fixes sensitive data logging issues, specifically including: - Logging sensitive data in inbox messages - Silent exceptions in cloud event mapping - Nul…

Weblate API Unauthorized Access to Pending Task Metadata Vulnerability
github.com · 2026-04-18

# Weblate API Access Control Vulnerability Summary ## Vulnerability Overview Weblate has an API access control vulnerability that allows unauthorized users to access metadata of pending tasks. The vul…

Weblate SSRF Vulnerability Analysis and Fix Guide
github.com · 2026-04-18

# Vulnerability Summary ## Overview This vulnerability involves an issue with the use of the `fetch_url` function in the Weblate project. The `fetch_url` function does not adequately validate the targ…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
