
Security Intel Hub

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Juniper Junos OS NETCONF Session DoS Vulnerability (CVE-2026-21919) Advisory
kb.juniper.net · 2026-04-10

Vulnerability Overview. **Vulnerability Name:** Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting netconf sessions causes management unavailability. **CVE ID:** CVE…

Dockyard v1.0.1 Unauthenticated CSRF Leading to Container Start/Stop
github.com · 2026-04-10

Vulnerability Overview: An unauthenticated Cron endpoint vulnerability exists in Dockyard. The starting and stopping operations of Docker containers are executed via GET requests and lack CSRF (Cro…

LangChain Prompt Template Injection Vulnerability Fix
github.com · 2026-04-10

Vulnerability Summary: LangChain Prompt Template Injection Fix. Vulnerability Overview: This commit fixes a security vulnerability in the LangChain core library's Prompt templates. The previous imp…

CVE-2024-40149: praisonai Unauthenticated Allow-List Manipulation Bypass
github.com · 2026-04-10

Vulnerability Summary: Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls. Vulnerability Overview: This vulnerability exists within the gateway component of `prais…

Praisonal OS Command Injection Vulnerability (CVE-2024-40088) Analysis and PoC
github.com · 2026-04-10

Vulnerability Summary: Praisonal OS Command Injection (CVE-2024-40088). 1. Vulnerability Overview: **Vulnerability Name**: Improper Neutralization of Special Elements used in an OS Command ('OS C…

LangChain langchain-core Prompt Template Attribute Access Vulnerability Leading to RCE and Fix
github.com · 2026-04-10

Vulnerability Summary. **Vulnerability Overview**: A security vulnerability exists in the Prompt Template component of the LangChain core library (`langchain-core`). Attackers can access high-risk P…

FluxCD notification-controller GCR Receiver verification hardening
github.com · 2026-04-10

**Vulnerability Overview**: This is a security hardening-related Pull Request (#1279) aimed at improving the verification mechanism of the GCR Receiver in `fluxcd/notification-controller`. By adding `e…

Praisonal <=4.5.117 RCE via Unverified Remote Template Execution
github.com · 2026-04-10

Vulnerability Overview: **Praisonal** contains a critical security vulnerability (CVE-2026-40154) that allows **Remote Code Execution (RCE)**. This vulnerability stems from Praisonal treating remot…

Flux notification-controller GCR Receiver Unauthenticated Access via OIDC Email Validation Bypass
github.com · 2026-04-10

Vulnerability Summary. **Vulnerability Overview**: A security vulnerability exists in the GCR Receiver type within the Flux notification-controller, where the `email` claim in Google OIDC tokens is …

Praisonal WSGI Server Local DoS via Unbounded Content-Length (CVE-2026-40115)
github.com · 2026-04-10

Vulnerability Overview: The WSGI recipe registry server (`server.py`) relies solely on the `Content-Length` header provided by the client when reading HTTP request bodies and lacks an upper limit. …

flatpak-builder CVE-2026-39977 Path Traversal Arbitrary File Read Vulnerability with PoC
github.com · 2026-04-10

Vulnerability Overview: **CVE ID**: CVE-2026-39977; **Title**: Path traversal leading to arbitrary file read on host when installing licence files; **Severity**: High; **Description**: flatpak…

Beszel IDOR Vulnerability: API Endpoints Lack System ID Authorization Check
github.com · 2026-04-10

IDOR in hub API endpoints that read system ID from URL parameter. Vulnerability Overview: Certain API endpoints in Beszel accept a user-provided system ID without further verification to ensure the…

prisonaagents web_crawl SSRF and Local File Read Vulnerability
github.com · 2026-04-10

Vulnerability Overview: An SSRF (Server-Side Request Forgery) and local file read vulnerability exists in the `web_crawl` function of the `prisonaagents` tool. The function accepts arbitrary URLs f…

prisonaiaagents Command Injection Vulnerability (CVE-2024-40111) Analysis
github.com · 2026-04-10

Vulnerability Overview: This vulnerability is located in the `memory/hooks.py` file of the `prisonaiaagents` package. The Memory Hooks Executor passes user-controlled command strings directly to `s…

praisonai CVE-2024-40113 gcloud --set-env-vars Unsanitized Comma Injection
github.com · 2026-04-10

Vulnerability Overview: **Title:** Unsanitized Comma in gcloud --set-env-vars; **CVE ID:** CVE-2024-40113; **CVSS Score:** 8.4 (High); **Description:** In the `deploy.py` script of `praisonai`, when c…

AgentOS Unauth Info Disclosure & System Prompt Extraction via /api/agents
github.com · 2026-04-10

Vulnerability Overview: This vulnerability exists within the AgentOS deployment platform, primarily involving unauthorized information disclosure at the `/api/agents` endpoint. **Core Issue**: Th…

praisonaiagents env var info disclosure via os.path.expandvars
github.com · 2026-04-10

Vulnerability Overview: In the `shell_tools.py` file of the `praisonaiagents` package, the `execute_command` function contains a security vulnerability when calling `os.path.expandvars()`. Although…

PraisonAI Unauthenticated WebSocket Proxy to OpenAI Realtime API Causing API Credit Exhaustion
github.com · 2026-04-10

Vulnerability Summary: Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits. Vulnerability Overview: This vulnerability exists in the `prisona/praisonai/api/ca…

Decompression Bomb DoS in praisonal safe_extractall() without size limits
github.com · 2026-04-10

Vulnerability Summary: Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits. Vulnerability Overview: This vulnerability exists in the `safe_extractall()` function of the `praison…

LangChain f-string Template Injection Vulnerability Fix Analysis
github.com · 2026-04-10

Vulnerability Overview: The prompt templates in the LangChain core library are susceptible to **f-string template injection** vulnerabilities. Attackers can construct malicious f-string template in…

