
Security Intel Hub 23786+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Pillow FitsZipDecoder Resource Consumption Fix Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Overview In the `FitsImagePlugin.py` file of the `Pillow` library, there is a potential security issue in the `decode` method of the `FitsZipDecoder` class. When processing …

Leaflet bindPopup() XSS Vulnerability (CVE-2025-69993) Analysis and Fix
github.com · 2026-04-18

# Vulnerability Summary: Leaflet bindPopup() XSS Vulnerability (CVE-2025-69993) ## Vulnerability Overview The Leaflet library contains a Cross-Site Scripting (XSS) vulnerability in the `bindPopup()` m…

py-pdf XMP Quadratic Entity Expansion DoS Vulnerability Fix
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves high memory usage that may be triggered when parsing XMP metadata, due to bypassing the default limits of the `libexpat` library. Specifically, i…

OpenProject 2FA OTP Rate Limiting Bypass (CWE-307) Analysis
github.com · 2026-04-18

### Vulnerability Overview **Vulnerability Name**: Missing Rate Limiting for 2FA OTP Verification (CWE-307) **Description**: - The 2FA OTP verification (`confirm_otp_action`) lacks rate limiting, lock…

Pillow GZIP Decompression Bomb Fix (#9521) - DoS Prevention
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Name**: Pillow GZIP Decompression Bomb - **Vulnerability ID**: #9521 - **Description**: This vulnerability involves reading only the necessary dat…

openCryptoki BER/DER Decoder Memory Safety Vulnerabilities Analysis
github.com · 2026-04-18

# Memory safety vulnerabilities in BER/DER decoders in asn1.c ## Vulnerability Overview Memory safety vulnerabilities have been discovered in the BER/DER decoding functions of openCryptoki. These vuln…

Python CPython _remote_debugging Remote Debug Offset Table Validation Vulnerability
github.com · 2026-04-18

# Python CPython Remote Debug Offset Table Validation Vulnerability (#148178) ## Vulnerability Overview The `_remote_debugging` module in Python lacks strict validation mechanisms when reading externa…

Python bz2/lzma/zlib Decompressor UAF Vulnerability Fix Analysis
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Type**: UAF (Use-After-Free) - **Vulnerability Description**: In the `LZMA_BZ2_ZlibDecompressor.decompress` method, when memory allocation fails and raises…

Python bz2/lzma/zlib Modules Use-After-Free Fix Analysis
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability ID**: gh-148395 - **Vulnerability Type**: Use-After-Free (UAF) - **Description**: In the `lzma_bz2_ZlibDecompressor` class, when memory allocation fails, t…

Blind SSRF in Image Edit Functionality (CVE-2026-3425)
github.com · 2026-04-18

# Vulnerability Summary: Blind Server Side Request Forgery in Image Edit Functionality ## Overview This is a blind Server-Side Request Forgery (Blind SSRF) vulnerability present in the functionality t…

openITCOCKPIT CVE-2026-24893 Authenticated Command Injection RCE
github.com · 2026-04-18

# Vulnerability Summary: openITCOCKPIT Authenticated Command Injection Leads to Remote Code Execution ## Overview - **Vulnerability Name**: Authenticated Command Injection Leading to Remote Code Execu…

Prometheus Stored XSS Fix: Unescaped Metric Names and Labels
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Title**: UI: Fix stored XSS via unescaped metric names and labels #18506 - **Description**: In Prometheus 3.x, due to the default allowance of UTF-8 characters,…

zrok CVE-2024-40302 Reflected XSS in GitHub OAuth Callback
github.com · 2026-04-18

# Vulnerability Overview **Vulnerability Name**: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering **Vulnerability Type**: Reflected Cross-Site Scripting (Reflecte…

OpenRemote 1.22.0 JavaScript Expression Injection & XXE Vulnerabilities (CVE-2026-39842/40882)
github.com · 2026-04-18

### Vulnerability Overview In OpenRemote version 1.22.0, two security vulnerabilities were discovered: 1. **CVE-2026-39842**: JavaScript expression injection vulnerability. 2. **CVE-2026-40882**: XXE …

Rizin Command Injection via Unvalidated DWARF Arg in libr/anal
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Type**: Command Injection (cmd injection) - **Cause**: Unvalidated DWARF arg parameter is used in afsv #security - **Impact**: May lead to command injectio…

CVE-2024-40316: GitHub Actions Django makemigrations RCE via Untrusted Pull Requests
github.com · 2026-04-18

### Vulnerability Overview In GitHub Actions, there is a remote code execution (RCE) vulnerability through untrusted Django model execution. This vulnerability allows unauthenticated users to execute …

Python webbrowser module --newaction prefix bypass fix
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability ID**: gh-148169 - **Vulnerability Description**: Fixed a security issue in the `webbrowser` module where the `--newaction` parameter could bypass the dash …

Python webbrowser module newtab parameter bypass vulnerability (GH-148189)
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability ID**: GH-148189 - **Vulnerability Description**: In the `webbrowser` module, the `newtab` parameter replacement bypasses the dash prefix check, allowing UR…

zrok CVE-2024-40303 Unauthenticated DoS via Unbounded Memory Allocation
github.com · 2026-04-18

# Vulnerability Overview **Title**: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing **Published by**: mikegerman-nf **Published time**: 2 days ago **Severity**: H…

CVE-2026-5713 Python Remote Debug Offset Table Validation Vulnerability and Fix
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview **CVE-2026-5713**: Python Remote Debugging Offset Table Validation Vulnerability. This vulnerability stems from Python's remote debugging feature fail…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
