
Security Intel Hub 4971+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Discord Bot Group DM Route and Auth Logic Vulnerability Fix
github.com · 2026-04-24

This commit fixes routing and authentication logic vulnerabilities related to Group DM (Group Direct Message) component interactions in the Discord bot. The main is…

openclaw Discord Slash Commands Bypass Group DM Channel Allowlist
github.com · 2026-04-24

Vulnerability Name: Discord Slash Commands Bypass Group DM Channel Allowlist. Severity: Low. Descript…

OpenClaw Gateway Shared Secret Rate Limit Bypass Fix
github.com · 2026-04-24

The OpenClaw gateway failed to properly retain shared secret rate limiting during hybrid handshake processes, resulting in bypass of security restrict…

OpenClaw Gateway Trusted Proxy Bypass Vulnerability and Fix
github.com · 2026-04-24

A security vulnerability exists in the OpenClaw gateway that allows an attacker to bypass the HTTP source check of the trusted proxy by forgi…
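The entry above is truncated before it says what is forged, so the following is an added example of the general pattern rather than OpenClaw's own code: a gateway that derives the client address from a forwarded header, shown in a weak form that trusts the header from any peer and a hardened form that only honours it when the socket peer is an allowlisted proxy. The proxy ranges, header name and the loopback-only "source check" are constructed for the example.

```python
import ipaddress
from typing import List, Optional

# Constructed allowlist for this example; OpenClaw's real trusted-proxy
# configuration is not on the page. Only these peers may set forwarding headers.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.1/32", "::1/128")]


def _parse_ip(text: str):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def _is_trusted_proxy(addr) -> bool:
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip_weak(peer_ip: str, xff: Optional[str]) -> Optional[str]:
    """Weak form: believes X-Forwarded-For from anyone, so a direct client can
    claim to be 127.0.0.1 and pass a 'local requests only' source check."""
    if xff:
        return xff.split(",")[0].strip()
    return peer_ip


def client_ip_hardened(peer_ip: str, xff: Optional[str]) -> Optional[str]:
    """Only honour X-Forwarded-For when the socket peer is a trusted proxy, then
    walk the chain right-to-left and stop at the first hop that is not one of
    our proxies. Returns None when the chain is malformed (caller must reject)."""
    peer = _parse_ip(peer_ip)
    if peer is None:
        return None
    if not _is_trusted_proxy(peer):
        return str(peer)                       # direct connection: the header is untrusted
    hops: List[str] = [h for h in (h.strip() for h in (xff or "").split(",")) if h]
    for hop in reversed(hops):
        addr = _parse_ip(hop)
        if addr is None:
            return None                        # garbage in the chain: do not guess
        if not _is_trusted_proxy(addr):
            return str(addr)
    return hops[0] if hops else str(peer)      # every hop was one of our proxies


def is_local_request(peer_ip: str, xff: Optional[str]) -> bool:
    """The kind of HTTP source check a gateway might gate admin routes on,
    evaluated on the hardened client address."""
    ip = client_ip_hardened(peer_ip, xff)
    return ip is not None and ipaddress.ip_address(ip).is_loopback
```

The order matters: the peer check comes first, because a header is only as trustworthy as the hop that wrote it, and the chain is walked from the right so that an attacker's self-supplied leftmost entries are never reached when a real proxy appended the true client behind them.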

OpenClaw Cross-Origin Redirect Sensitive Information Disclosure Vulnerability and Fix
github.com · 2026-04-24

OpenClaw has a sensitive information leakage vulnerability during cross-origin redirects. When the application performs a cross-origin redirect, it in…

OpenClaw Pairing Request Counting Logic Fix
github.com · 2026-04-24

This vulnerability involves a logic error in the pairing request counting within the OpenClaw project. Specifically: when limiting the number of pen…

OpenClaw Telegram Pairing AllowFrom Migration Logic Defect
github.com · 2026-04-24

There is a migration logic flaw in the Telegram pairing allow list (`pairing allowFrom`) within the OpenClaw project. This flaw causes the system to f…

Gateway Service Unauthenticated Command Execution via Node Pairing Bypass
github.com · 2026-04-24

Vulnerability Type: Unauthorized Access to Node Pairing Commands. Description: Allows execution of node commands before node …

OpenClaw fix for workspace .env variable override vulnerability
github.com · 2026-04-24

This vulnerability involves a fix for the override of the `bundled-root` environment variable in the `workspace` configuration file. The specific issue is that certain envir…

OpenClaw Connection Snapshot Metadata Unauthorized Access Fix
github.com · 2026-04-24

This vulnerability involves an issue with the administrator-scoped client in the OpenClaw project related to connection snapshot metadata. Specific manifestations: Con…

Telynx Webhook Signature Verification Bypass Fix
github.com · 2026-04-24

This vulnerability involves the webhook security verification mechanism of Telynx. An attacker can bypass Telynx's signature verification by crafting specific requests, ther…
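The entry above does not say which request shape defeats the check, so the following is an added example of how webhook signature verification goes wrong in general, not Telynx's code or its actual scheme. It assumes an HMAC-SHA256 signature over "timestamp.body" carried in two constructed headers; the weak verifier accepts a request with no signature header, compares with `==` and never checks freshness, while the hardened one fails closed on every missing or malformed input.

```python
import hashlib
import hmac
from typing import Mapping

# Constructed shared secret and header names for this example. The real Telynx
# signing scheme is not described on the page; HMAC-SHA256 over "timestamp.body"
# is assumed here as a representative design.
SECRET = b"constructed-demo-secret"
MAX_SKEW_SECONDS = 300


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Hex HMAC-SHA256 over the timestamp and raw body, as the sender computes it."""
    msg = timestamp.encode("ascii") + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_signed_request(body: bytes, now: int) -> dict:
    """What a genuine sender attaches to a delivery made at time `now`."""
    ts = str(now)
    return {"x-timestamp": ts, "x-signature": sign(SECRET, ts, body)}


def verify_weak(headers: Mapping[str, str], body: bytes, now: int) -> bool:
    """Bypassable: a missing signature header is treated as 'nothing to verify',
    the comparison is not constant-time and the timestamp is never checked."""
    sig = headers.get("x-signature")
    if sig is None:
        return True
    return sig == sign(SECRET, headers.get("x-timestamp", "0"), body)


def verify_hardened(headers: Mapping[str, str], body: bytes, now: int) -> bool:
    """Fail closed: both headers required, timestamp must be fresh, and the
    signature is compared in constant time against the locally recomputed value."""
    sig = headers.get("x-signature")
    ts = headers.get("x-timestamp")
    if sig is None or ts is None:
        return False
    try:
        ts_int = int(ts)
        provided = bytes.fromhex(sig)
    except ValueError:
        return False
    if abs(now - ts_int) > MAX_SKEW_SECONDS:
        return False                     # replay of an old, genuinely signed event
    expected = bytes.fromhex(sign(SECRET, ts, body))
    return hmac.compare_digest(provided, expected)
```

The signature must be computed over the raw request bytes exactly as received, before any JSON parsing, since a re-serialised body will not match what the sender signed.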

libxml2 CVE-2026-6732 DoS via XSD Validation SIGSEGV Analysis
bugzilla.redhat.com · 2026-04-24

Bug 2461300. CVE ID: CVE-2026-6732. Vulnerability Type: Denial of Service. Trigger Condition: Triggered by a specially crafted XSD vali…

Radare2 Project Deletion Path Traversal Vulnerability Fix
github.com · 2026-04-24

[security] fix(project): confine project deletion to dir.projects #25830. This PR fixes a security vulnerability in the Radare2 project deletion process. The vulnerability a…

CVE-2026-26210: RCE via Unsafe Pickle Deserialization in gRPC PolicyServer balance_serve Module
github.com · 2026-04-24

Vulnerability Name: CVE-2026-26210. In the `balance_serve` module of gRPC PolicyServer, due to the use of the insecure `pickle.loads()` method, an at…

r2mcp Arbitrary Host Command Execution via Shell Escape in MCP Tools
github.com · 2026-04-24

[Security] Arbitrary Host Command Execution via ! shell escape in MCP tools #45. The r2mcp server exposes radare2's host shell escape functionality (`!`) through the `run_ja…

r2mcp Sandbox Mechanism Disabled by Default Vulnerability and Fix
github.com · 2026-04-24

Vulnerability ID: #45. Vulnerability Type: Sandbox mechanism disabled by default. Description: In the `r2mcp` tool, the sandbox featur…

ktransformers CVE-2026-26210 Unauthenticated RCE via Pickle Deserialization
chocapikk.com · 2026-04-24

CVE-2026-26210: Unauthenticated remote code execution (RCE) vulnerability in ktransformers, achieved via pickle deserialization in the ZMQ dispatcher. Vulnerability …

FlowiseAI GraphCypherQAChain Cypher Injection Vulnerability Analysis
github.com · 2026-04-24

In the `GraphCypherQAChain` node of FlowiseAI, user-provided input is directly passed into the Cypher query execution pipeli…

Radare2 Project Import Symlink Bypass Allows Arbitrary File Read/Write
github.com · 2026-04-24

[security] fix(project): ignore symlinked imported notes #25831. This vulnerability exists in Radare2's project import functionality. When importing a malicious `.zrp` proje…
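The two Radare2 entries (#25830, confining deletion to dir.projects, and #25831, ignoring symlinked imported notes) are both instances of one check: a name taken from a project file must resolve to something inside the projects directory and must not pass through a symlink. The following is an added example of that check, written in Python rather than Radare2's C and not taken from the project; the directory layout, the `.zrp`-free note file and the `delete_project`/`read_note` callers are constructed for the demonstration.

```python
import os
import tempfile
from typing import Dict, Optional


def confine(base_dir: str, relative: str) -> Optional[str]:
    """Return the absolute path of `relative` inside `base_dir`, or None if it
    escapes via '..', an absolute path, or a symlink anywhere in the chain."""
    base_real = os.path.realpath(base_dir)
    if not relative or os.path.isabs(relative):
        return None
    parts = os.path.normpath(relative).split(os.sep)
    if parts == ["."] or any(p in ("..", "") for p in parts):
        return None
    cur = base_real
    for part in parts:
        cur = os.path.join(cur, part)
        if os.path.islink(cur):            # lstat-based: catches the leaf and any parent
            return None
    real = os.path.realpath(cur)
    if os.path.commonpath([base_real, real]) != base_real:
        return None                        # belt and braces: resolved path left the base
    return real


def read_note(projects_dir: str, name: str) -> Optional[str]:
    """Import-side use: read a note only if it is a real file under projects_dir."""
    target = confine(projects_dir, name)
    if target is None or not os.path.isfile(target):
        return None
    with open(target) as f:
        return f.read()


def delete_project(projects_dir: str, name: str) -> bool:
    """Deletion-side use: remove a project file only when it stays under projects_dir."""
    target = confine(projects_dir, name)
    if target is None or not os.path.isfile(target):
        return False
    os.remove(target)
    return True


def build_demo_tree() -> Dict[str, str]:
    """Constructed layout: a projects dir with one real project file, a secret
    file outside it, and a symlinked 'note' inside that points at the secret."""
    root = tempfile.mkdtemp(prefix="r2demo-")
    projects = os.path.join(root, "projects")
    os.makedirs(os.path.join(projects, "good"))
    with open(os.path.join(projects, "good", "notes.txt"), "w") as f:
        f.write("legitimate note\n")
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as f:
        f.write("outside the projects dir\n")
    os.symlink(secret, os.path.join(projects, "evil-note"))
    return {"root": root, "projects": projects, "secret": secret}


def run_demo() -> Dict[str, object]:
    """Exercise both callers against the constructed tree and report each outcome."""
    t = build_demo_tree()
    p = t["projects"]
    return {
        "good_confined": confine(p, "good/notes.txt") is not None,
        "traversal_blocked": confine(p, "../secret.txt") is None,
        "symlink_blocked": confine(p, "evil-note") is None,
        "absolute_blocked": confine(p, "/etc/passwd") is None,
        "good_note": read_note(p, "good/notes.txt"),
        "evil_note": read_note(p, "evil-note"),
        "delete_outside": delete_project(p, "../secret.txt"),
        "secret_survives": os.path.exists(t["secret"]),
        "delete_good": delete_project(p, "good/notes.txt"),
    }
```

The component-by-component `islink` walk is what the realpath comparison alone would miss: a symlink that points back inside the base directory still resolves under it, yet it lets a project file choose which sibling gets read or deleted.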

HuggingFace LeRobot Unauthenticated RCE via Pickle Deserialization (CVE-2026-25874)
chocapikk.com · 2026-04-24

CVE-2026-25874: HuggingFace LeRobot Deserialization Remote Code Execution Vulnerability. The asynchronous inference module of HuggingFace's open-source robotics framework Le…
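Three entries on this page (CVE-2026-26210 in the ktransformers `balance_serve` gRPC PolicyServer and ZMQ dispatcher, and CVE-2026-25874 in LeRobot's asynchronous inference) share the same root cause: `pickle.loads()` on bytes received from the network. The following added example, which is not code from either project, shows why that is code execution and what the minimal fix looks like. The gadget deliberately calls the harmless `os.getcwd` rather than anything destructive, and the legitimate message shape is assumed for the demonstration.

```python
import io
import os
import pickle
from typing import Any, Tuple


class Gadget:
    """Constructed demo payload: the pickle stores 'call os.getcwd()', so whoever
    unpickles it runs that function. An attacker substitutes os.system or worse."""

    def __reduce__(self):
        return (os.getcwd, ())


def build_malicious_message() -> bytes:
    return pickle.dumps(Gadget())


def build_legitimate_message() -> bytes:
    # Shape assumed for the example; the real gRPC/ZMQ message schema is not on the page.
    return pickle.dumps({"request_id": 7, "prompt": "hello", "tokens": [1, 2, 3]})


def loads_unsafe(data: bytes) -> Any:
    """The vulnerable pattern: pickle.loads on bytes that arrived over a socket."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to resolve any global. Plain dicts, lists, str and int need none,
    so a legitimate message still loads while os.getcwd (or os.system) is rejected
    before it is ever called."""

    def find_class(self, module: str, name: str):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def loads_safely(data: bytes) -> Tuple[bool, Any]:
    """Return (ok, value_or_reason); the gadget never runs on this path."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as e:
        return False, str(e)
```

A restricted unpickler is the smallest change that keeps an existing wire format; the stronger fix for a new service is a schema-bound format such as JSON or protobuf, which has no notion of "call this function" at all. Either way the deserialiser must never be reachable without authentication, which is what made both CVEs unauthenticated RCE.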


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
