
Security Intel Hub 23504+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Marimo CVE-2025-39587 Pre-Auth RCE via /terminal/ws WebSocket
github.com · 2026-04-10

Key Vulnerability Summary. Vulnerability Overview: The `/terminal/ws` terminal WebSocket endpoint in Marimo contains a pre-authentication Remote Code Execution (RCE) vulnerability. This endpoint…

v2board AuthController Email Verification Logic Error Causing DoS
github.com · 2026-04-10

Vulnerability Summary. Vulnerability Overview: In the `v2board` project, the `AuthController.php` file contains a critical logic flaw within the `register`, `login`, and `forget` methods. During…

Lychee v7.5.3 SQL Operator Precedence Vulnerability (CVE-2026-39957) Bypasses Authorization
github.com · 2026-04-10

Vulnerability Overview: A SQL operator precedence vulnerability exists in the `SharingController::listAll()` method (line 138) of the Lychee Gallery software. This flaw allows the `orWhereNotNull(u…

HashGraph JS Custom Logic Worker Sandbox Escape via Function() Execution
github.com · 2026-04-10

Vulnerability Key Information Summary. 1. Vulnerability Overview: The HashGraph JavaScript Custom Logic worker currently executes user-provided code using `Function()`. This causes user code to …

V2Board/Xboard Unauthorized Account Takeover via Magic Link Token Leakage
chocapikk.com · 2026-04-10

Vulnerability Overview: The Xboard and V2Board panels contain an unauthorized account takeover vulnerability caused by the "Magic Link Login" feature. When an administrator enables this feature, an…

Caddy Cache Poisoning Vulnerability Fix Analysis
github.com · 2026-04-10

Vulnerability Summary. 1. Vulnerability Overview. Vulnerability Name: Improper Validation of Unsafe Equivalence in Input (Input Unsafe Equivalence Validation Failure) / Cache Poisoning. …

Plane Platform SSRF in Favicon Fetching Analysis
github.com · 2026-04-10

SSRF Vulnerability Summary in Plane Platform Favicon Retrieval. Vulnerability Overview. Vulnerability Name: Full Read Server-Side Request Forgery (SSRF) in Favicon Fetching via Redirection. …

Directus v11.17.0 Security Update: Aggregation Sanitization Fix and Cookie Secure Attribute Support
github.com · 2026-04-10

Vulnerability and Security Information Summary. 1. Vulnerability Overview…

ApacheSecureAuth LDAP Injection Vulnerability Fix Analysis
github.com · 2026-04-10

Vulnerability Key Information Summary. Vulnerability Overview: This is an LDAP Injection vulnerability. When the `ApacheAuthenticate.apacheEnv` configuration is not set to `REMOTE_USER` (par…

MISP Stored XSS, LDAP Injection, and Sensitive Config Fixes
github.com · 2026-04-10

Vulnerability Key Information Summary. Vulnerability Overview. Stored XSS in attributes of type link: A stored XSS vulnerability exists in attributes of the link type. LDAP injection…

Nuxt.js useHeadSafe HTML Entity Bypass XSS (CVE-2026-39315)
github.com · 2026-04-10

Vulnerability Overview: This vulnerability involves a bypass of the `hasDangerousProtocol()` function within the `useHeadSafe` component of the Nuxt.js framework. Attackers can exploit leading-zero…

Laravel Passport Authentication Bypass via Integer ID Collision in TokenGuard
github.com · 2026-04-10

Vulnerability Summary. Vulnerability Overview: A logical flaw exists in Laravel Passport when applications use integers (non-UUIDs) as primary keys. If a user's ID coincidentally matches the ID …

AGiXT v1.9.2 Security Update: Fixes Code Injection, URL Normalization, and OAuth Auth Vulnerabilities
github.com · 2026-04-10

Vulnerability Overview: This release (AGiXT v1.9.2) primarily addresses multiple security vulnerabilities and potential risks, with core issues including: 1. Code Injection Vulnerabilities: Cod…

ChurchCRM <= 7.0.5 XSS Vulnerability Analysis with PoC
github.com · 2026-04-10

Vulnerability Summary: Multiple XSS (ChurchCRM/CRM). 1. Vulnerability Overview. Type: Cross-Site Scripting (XSS). Description: This vulnerability allows attackers to inject malicious …

agixt Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-10

Vulnerability Summary. Vulnerability Overview: This is a Path Traversal vulnerability. In the `agixt` project's `essential_abilities.py` file, the `safe_join` function originally relied sole…

basic-ftp 5.2.0 CRLF Injection Leading to FTP Command Injection
github.com · 2026-04-10

FTP Command Injection via CRLF in basic-ftp. Vulnerability Overview: `basic-ftp` version 5.2.0 allows FTP command injection via CRLF sequences (`\r\n`) in file path parameters passed to high-level …

libpng PLTE/tRNS/sBIT API Dangling Pointer Vulnerability Analysis
github.com · 2026-04-10

Vulnerability Summary. Vulnerability Overview: This vulnerability exists within the libpng library, specifically involving the usage patterns of getter and setter APIs for the PLTE, tRNS, and sB…

Directus CVE-2023-39943 Sensitive Fields Exposed in Revision History
github.com · 2026-04-10

Vulnerability Summary: Sensitive fields exposed in revision history (CVE-2023-39943). 1. Vulnerability Overview: Directus stores revision records in the `directus_revisions` table when items are…

n8n-mcp Post-Auth SSRF Vulnerability and Mitigation Guide
github.com · 2026-04-10

Vulnerability Overview: This is a post-authentication Server-Side Request Forgery (SSRF) vulnerability located within the `n8n-mcp` package. An attacker possessing a valid `AUTH_TOKEN` can induce t…

v2board/Xboard Authentication Token Exposure via loginWithMailLink
www.vulncheck.com · 2026-04-10

Vulnerability Summary: v2board / Xboard Authentication Token Exposure via loginWithMailLink. 1. Vulnerability Overview: This is an Authentication Token Exposure vulnerability with a severity…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
