Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Vertex Addons for Elementor Missing Authorization Arbitrary Plugin Installation (CVE-2026-4326)
www.wordfence.com · 2026-04-11

### Vulnerability Key Information Summary **Vulnerability Name** Vertex Addons for Elementor <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activatio…

WordPress Gravity SMTP Missing Authorization Vulnerability (<=2.1.4)
www.wordfence.com · 2026-04-11

# Key Vulnerability Information Summary ## Vulnerability Overview The Gravity SMTP plugin for WordPress is affected by a Missing Authorization vulnerability. Due to the plugin failing to properly veri…

Stored XSS in AddFunc Head & Footer Code for WordPress <= 2.3
www.wordfence.com · 2026-04-11

**Vulnerability Overview** The AddFunc Head & Footer Code plugin contains a stored cross-site scripting (Stored XSS) vulnerability. The plugin stores user input via the post meta fields `aHfnc_head_co…

Chamilo LMS Open Redirect via Unvalidated 'page' Parameter in Session Course Edit
github.com · 2026-04-11

### Vulnerability Intelligence Summary **Vulnerability Name**: Open Redirect via Unvalidated 'page' Parameter in Session Course Edit (2.0.0 RC) **Summary/Description**: Chamilo LMS version 2.0.0 RC c…

Chamilo LMS IDOR in Gradebook Allows Cross-Course Deletion of Student Grades
github.com · 2026-04-11

# Vulnerability Summary: Chamilo LMS IDOR Vulnerability ## Vulnerability Overview This is an IDOR (Insecure Direct Object Reference) vulnerability. In the gradebook result view page of Chamilo LMS, …

Axios CRLF Header Injection Leading to Cloud Metadata Exfiltration Fix
github.com · 2026-04-11

### Vulnerability Overview **Title**: `fix: unrestricted cloud metadata exfiltration via header injection chain #10660` This is a security fix for the Axios library aimed at preventing attackers from …

Rocket.Chat Open Redirect Vulnerability (CVE-2026-22560) Advisory and Fix
hackerone.com · 2026-04-11

### Vulnerability Key Information Summary * **Vulnerability Overview**: An open redirect vulnerability exists in Rocket.Chat. The `/_ssl_redirect/provider` endpoint includes a redirect query string va…

Rocket.Chat SAML SLO Open Redirect Vulnerability Fix (PR #38994)
github.com · 2026-04-11

### Key Vulnerability Information Summary **Vulnerability Overview** The SAML Single Logout (SLO) redirect functionality contains a vulnerability. Because the `processSLORedirectAction` function direc…

Chartbrew Template API Cross-Tenant Access Control Fix
github.com · 2026-04-11

### Vulnerability Overview Fixed a **cross-tenant (cross-team) operation vulnerability** in the `TemplateRoute` API route of the `chartbrew` project. The original code did not strictly verify the cons…

Vehicle Showroom Management System V1.0 Unauthenticated XSS in ServiceAndSalesReport.php
github.com · 2026-04-10

# Vulnerability Summary: Vehicle Showroom Management System XSS Vulnerability ## 1. Vulnerability Overview * **Vulnerability Type:** Cross-Site Scripting (XSS) * **Affected Product:** Vehicle Showroom…

Vehicle Showroom Management System ProfitAndLossReport.php Reflected XSS
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Name**: Vehicle Showroom Management System Project V1.0 /ProfitAndLossReport.php cross site scripting * **Vulnerability Type**: XSS (Cross-Site Scripting) …

Unauthenticated XSS in Code-Projects Vehicle Showroom 1.0 ProfitAndLossReport.php (CVE-2026-6034)
vuldb.com · 2026-04-10

# Vulnerability Intelligence Summary ## Vulnerability Overview * **Vulnerability Name**: Code-Projects Vehicle Showroom Management System 1.0 ProfitAndLossReport.php BRANCH_ID Cross-Site Scripting (XS…

OpenStack Skyline Console DOM-based XSS Vulnerability (CVE-2026-40212) Analysis
bugs.launchpad.net · 2026-04-10

### Vulnerability Overview * **Title**: [OSSA-2026-006] DOM-based XSS in Skyline Console via unsanitized instance console log rendering * **CVE ID**: CVE-2026-40212 * **Description**: This is a DOM-ba…

Bluebubbles Webhook IP Spoofing Bypasses Rate Limiting Fix
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** Bluebubbles (an iMessage server implementation) contains a logic flaw when processing Webhook requests. The previous implementation failed to corre…

openwisp openwisp-wifi-control-lts Gateway Privilege Escalation via Silent Reconnect
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** This is a privilege escalation vulnerability located within the Gateway component. An attacker can exploit the "silent reconnect" mechanism to esca…

Mattermost Fix for Google Chat/Mattermost Integration Token Validation Bypass
github.com · 2026-04-10

### Key Vulnerability Summary **Vulnerability Overview** This commit addresses a security issue where inbound callback and allowlist checks within Google Chat and Mattermost integrations were insuffic…

OpenClaw Telegram Webhook Brute-Force Vulnerability Fix and Rate Limiting
github.com · 2026-04-10

### Vulnerability Key Information Summary **Vulnerability Overview** This commit addresses a security vulnerability in the Telegram Bot Webhook authentication mechanism. Attackers could brute-force th…

MCP Server DNS Rebinding Vulnerability and Host Header Validation Fix
github.com · 2026-04-10

### Summary of Critical Vulnerability Information **1. Vulnerability Overview** The MCP server contains a **DNS rebinding vulnerability**. This vulnerability arises because the server fails to validat…

JLexArt Joomla Extensions Vulnerability Fixes Update
jlexart.com · 2026-04-10

### Vulnerability Key Information Summary **Vulnerability Overview** This page is the Changelogs page for products from the Joomla extension provider JLexArt. The logs record that multiple Joomla exte…

Feishu Webhook Signature Verification Bypass and DoS Fix
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** A security vulnerability exists in the Feishu (Lark) Webhook processor. Prior to the fix, the code parsed the request payload before verifying the …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.