Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Vehicle Showroom Management System V1.0 Pre-Auth SQL Injection Vulnerability with POC
github.com · 2026-04-18

# Vulnerability Summary: Vehicle Showroom Management System SQL Injection Vulnerability ## Vulnerability Overview * **Affected Product**: Vehicle Showroom Management System Project V1.0 * **Vulnerabil…

SQL Injection in Simple CMS PHP (CVE-2026-6183) with PoC
github.com · 2026-04-18

# SQL Injection Vulnerability Summary (CVE-2026-6183) ## Vulnerability Overview * **Vulnerability Type**: SQL Injection (CWE-89) * **Affected Product**: Simple Content Management System PHP (version 1…

Vision Helpdesk Serialized IDOR Vulnerability PoC and Exploitation Analysis
github.com · 2026-04-18

# Vulnerability Summary: Vision Helpdesk Serialized IDOR Vulnerability ## Vulnerability Overview This repository contains a Proof-of-Concept (PoC) exploit code for a **Serialized Insecure Direct Objec…

Windows Management Services Local Privilege Escalation via Race Condition (CVE-2026-20930)
msrc.microsoft.com · 2026-04-18

# Windows Management Services Elevation of Privilege Vulnerability (CVE-2026-20930) ## Overview * **Vulnerability Name**: Windows Management Services Elevation of Privilege Vulnerability * **CVE ID**:…

TOTOLINK A800R Router Stack Buffer Overflow Vulnerability Analysis
github.com · 2026-04-18

# TOTOLINK A800R Buffer Overflow Vulnerability Summary ## Vulnerability Overview The firmware of the TOTOLINK A800R router contains a stack buffer overflow vulnerability in the `setAppEasyWizardConfig…

CVE-2026-40476: DoS via quadratic complexity in webonyx/graphql-php OverlappingFieldsCanBeMerged validation
github.com · 2026-04-18

# Vulnerability Summary: Denial of Service via Quadratic Complexity in OverlappingFieldsCanBeMerged Validation ## Overview - **Vulnerability Name**: Denial of Service via Quadratic Complexity in Overl…

Unauthenticated RCE in CowAgent (chatgpt-on-wechat) via /message endpoint
github.com · 2026-04-18

# Unauthorized Remote Code Execution Vulnerability (CowAgent #2741) ## 1. Vulnerability Overview * **Vulnerability Type**: Unauthenticated Remote Code Execution * **Root Cause**: CowAgent’s Web Consol…

Sonatype Nexus Repository Cache Functionality Fix (NEXUS-43268)
help.sonatype.com · 2026-04-18

Based on the provided webpage screenshot, here is a summary of the key information regarding the vulnerability: ### Vulnerability Overview - **Vulnerability ID**: NEXUS-43268 - **Description**: The ca…

Zarf CVE-2024-40090 Path Traversal Arbitrary File Write via Metadata.Name
github.com · 2026-04-18

# Vulnerability Overview **Title**: Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write **CVE ID**: CVE-2024-40090 **CVSS Score**: 7.1 / 10 (High) **Published**: 3 days ago **Des…

Keras TFSMLayer Bypasses safe_mode Leading to RCE (CVE-2026-1462)
huntr.com · 2026-04-18

# TFSMLayer Bypass `safe_mode=True` Vulnerability Summary ## Vulnerability Overview **CVE-2026-1462** **Severity**: High (8.8) **Affected Component**: `keras-team/keras` (TFSMLayer class) **Core Issue…

Ivanti Neurons for ITSM Security Bulletin: CVE-2026-4913/4914 Fix
hub.ivanti.com · 2026-04-18

# Ivanti Neurons for ITSM Security Advisory Summary ## Vulnerability Overview Ivanti has released updates for Ivanti Neurons for ITSM to address two medium-severity vulnerabilities: | CVE ID | Descrip…

HostBill 2.11.0 Backup Module RCE Vulnerability and POC
hostbillapp.com · 2026-04-18

# HostBill Vulnerability Intelligence Summary ## Vulnerability Overview HostBill has a remote code execution vulnerability that allows an attacker to execute arbitrary code on the server by crafting m…

MongoDB C Driver bson_validate UTF-8 Validation Bypass (CDRIVER-6017)
jira.mongodb.org · 2026-04-18

# MongoDB C Driver Vulnerability Summary ## Overview A flaw exists in the `bson_validate` function of the MongoDB C Driver, where validation fails to correctly detect and report errors when strings or…

Nitro PDF Pro mailDoc() Use-After-Free Vulnerability (CVE-2025-69627) Analysis and POC
jeroscope.com · 2026-04-18

# Nitro PDF Pro mailDoc() Use-After-Free Vulnerability Summary ## Overview - **CVE ID**: CVE-2025-69627 - **Vulnerability Type**: Use-After-Free (UAF) - **Affected Software**: Nitro PDF Pro 14.41.1.4 …

Nitro PDF Pro Empty XFA Denial of Service Vulnerability (CVE-2025-66769)
jeroscope.com · 2026-04-18

# Nitro PDF Pro Null XFA Denial of Service Vulnerability (CVE-2025-66769) ## Vulnerability Overview A denial of service vulnerability exists in Nitro PDF Pro 14.41.1.4. When opening a malicious PDF fi…

Apache PDFBox ExtractEmbeddedFiles Path Traversal Vulnerability (CVE-2026-33929)
lists.apache.org · 2026-04-18

# CVE-2026-33929: Path Traversal Vulnerability in Apache PDFBox ExtractEmbeddedFiles Sample Code ## Vulnerability Overview The `ExtractEmbeddedFiles` sample code of Apache PDFBox contains a path trave…

CVE-2025-66236: Apache Airflow Configuration Key Leakage
lists.apache.org · 2026-04-18

# CVE-2025-66236: Apache Airflow Configuration Secret Leakage Vulnerability ## Vulnerability Overview Prior to Apache Airflow 3.0.0, DAG run log UI would record secrets from the Airflow configuration …

jQuery 3.5+ HTML Parsing Change Leading to XSS Vulnerability Analysis
jquery.com · 2026-04-18

# jQuery Core 3.5 Upgrade Guide: HTML Parsing Vulnerability Summary ## Vulnerability Overview jQuery version 3.5 modifies the `jQuery.htmlPrefilter` function, changing how HTML strings are parsed. In …

SAP ID Login Page Username Enumeration Vulnerability with POC
me.sap.com · 2026-04-18

### Vulnerability Overview The webpage screenshot shows the login page of SAP ID, which contains an input field for entering “Email, User ID or Login Name.” This page may have a **username enumeration…

Windows Hyper-V Remote Code Execution Vulnerability (CVE-2026-26156) Advisory
msrc.microsoft.com · 2026-04-18

# Windows Hyper-V Remote Code Execution Vulnerability (CVE-2026-26156) ## Vulnerability Overview * **Vulnerability Name**: Windows Hyper-V Remote Code Execution Vulnerability * **CVE ID**: CVE-2026-26…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
