Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Simple IT Discussion Forum V1.0 Unauthenticated SQL Injection Vulnerability
github.com · 2026-04-10

### Vulnerability Overview * **Affected Product**: Simple IT Discussion Forum * **Affected File**: `/question-function.php` * **Version**: V1.0 * **Vulnerability Type**: SQL Injection * **Root Cause**…

JimuReport BI Dashboard H2 JDBC Injection RCE Vulnerability
github.com · 2026-04-10

### Vulnerability Overview The `/drag/onDragDatasource/testConnection` endpoint in the jimureport BI Dashboard data source management module contains a Remote Code Execution (RCE) vulnerability. This …

jimureport v2.3.0 H2 JDBC URL RCE via INIT Parameter
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** In the data source management module of jimureport BI Dashboard, the `/drag/onDragDatasource/testConnection` endpoint fails to validate dangerous H…

api-lab-mcp SSRF Vulnerability Analysis with PoC and Fix
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF, CWE-918). * **Description**: The `api-lab-mcp` project contains an SSRF vulnerability within the MCP/HTTP tool h…

SSRF Vulnerability in api-lab-mcp (CVE-918) with POC
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) * **CVE ID**: CVE-918 * **Description**: An SSRF vulnerability was discovered in the MCP tools (`anal…

PHPGurukul News Portal V4.1 SQL Injection in /admin/check_availability.php
github.com · 2026-04-10

### Vulnerability Overview The `/admin/check_availability.php` file in PHPGurukul News Portal Project V4.1 contains a SQL injection vulnerability. This flaw is attributed to insufficient validation of…

TOTOLINK A7100RU cstecgi.cgi Command Injection Vulnerability with PoC
github.com · 2026-04-10

# A7100RU Command Injection Vulnerability Summary ## Vulnerability Overview A command injection vulnerability has been identified in the `cstecgi.cgi` component of the TOTOLINK A7100RU router. This vu…

CVE-2020-5839: SQL Injection in PHPGurukul News Portal V4.1
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Name**: PHPGurukul News Portal Project V4.1 /admin/add-subcategory.php SQL Injection * **Vulnerability Type**: SQL Injection * **Root Cause**: In the `admi…

Command Injection Vulnerability in mcp-server-taskwarrior and Fix Analysis
github.com · 2026-04-10

### Vulnerability Summary **1. Vulnerability Overview** A **Command Injection** vulnerability exists in the `mcp-server-taskwarrior` project. * **Cause:** The code utilizes the `child_process.execSync…

TOTOLINK A7100RU Router execcgi.cgi Command Injection Vulnerability with PoC
github.com · 2026-04-10

# A7100RU Vulnerability Summary ## Vulnerability Overview A command injection vulnerability has been identified in the `execcgi.cgi` file of the TOTOLINK A7100RU router. An attacker can exploit this b…

JimuReport Code Injection Vulnerability (CVE-2026-5848) Analysis
vuldb.com · 2026-04-10

# Vulnerability Summary: JimuReport Code Injection Vulnerability ## 1. Vulnerability Overview * **CVE ID**: CVE-2026-5848 * **Vulnerability Name**: jeeboot JimuReport up to 2.3.0 Data Source testConne…

Command Injection in mcp-server-taskwarrior via child_process.execSync
github.com · 2026-04-10

### Vulnerability Summary * **Vulnerability Overview**: The MCP server `mcp-server-taskwarrior` contains a command injection vulnerability. This issue arises from the unsafe use of `child_process.exec…

Movie Ticketing System v1.0 Sensitive Information Disclosure via Exposed DB Backup
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Name**: Sensitive Information Disclosure in Movie Ticketing System PHP Exposed Database Backup (Sensitive Information Disclosure / Movie Ticketing System P…

Simple IT Discussion Forum V1.0 SQL Injection Vulnerability Analysis
github.com · 2026-04-10

# Simple IT Discussion Forum SQL Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability Type**: SQL Injection * **Root Cause**: In the `/topic-details.php` file, the `post_id` par…

PHPGurukul News Portal V4.1 SQL Injection in add-subadmins.php
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Name**: PHPGurukul News Portal Project V4.1 /admin/add-subadmins.php SQL Injection * **Vulnerability Type**: SQL Injection * **Affected Product**: News Por…

CVE-2026-5833: Command Injection in mcp-server-taskwarrior
vuldb.com · 2026-04-10

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **CVE ID**: CVE-2026-5833 * **Vulnerability Name**: awwalid mcp-server-taskwarrior up to 1.0.1 index.ts server.setRequestHandl…

MetaGPT Eval Injection Vulnerability in Test.exec_code() with API Key Exfiltration POC
github.com · 2026-04-10

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Type**: CWE-95 — Improper Neutralization of Directive in Dynamically Evaluated Code (Eval Injection). * **Seve…

Unauthenticated XSS in Simple IT Discussion Forum V1.0 /edit-category.php
github.com · 2026-04-10

# Vulnerability Summary: Simple IT Discussion Forum XSS Vulnerability ## Vulnerability Overview A **Cross-Site Scripting (XSS)** vulnerability exists in the `/edit-category.php` file of **Simple IT Di…

Orthanc DICOM Server Heap Buffer Overflow & DoS Vulnerabilities (CVE-2026-5437 to 5445)
kb.cert.org · 2026-04-10

# Vulnerability Summary: Multiple Heap Buffer Overflow Vulnerabilities in Orthanc DICOM Server ## Vulnerability Overview Multiple security vulnerabilities have been identified in Orthanc DICOM Server …

Unauthenticated Reflected XSS in Online Shoe Store V1.0
github.com · 2026-04-10

### Vulnerability Overview This is a Cross-Site Scripting (XSS) vulnerability located in the **Online Shoe Store Project V1.0** project maintained by `code-projects`. * **Vulnerability Location**: The…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
