
Security Intel Hub 23521+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Fixes for bsv-sdk/wallet: Certificate Forgery, VarInt Corruption, ARC Broadcast State Bypass
github.com · 2026-04-10

### Vulnerability Overview This Pull Request addresses three high-severity security vulnerabilities (F8.15, F1.3, F5.13) within the `bsv-sdk` and `bsv-wallet` libraries. These vulnerabilities involve …

bsv-sdk/wallet fixes: missing cert signature verification and VarInt encoding error
github.com · 2026-04-10

### Vulnerability Overview This issue documents two critical security patches (Hotfixes) for `bsv-sdk` and `bsv-wallet`, addressing three high-severity vulnerabilities identified during a compliance a…

LXD Backup Import/Export Config Inconsistency Fix
github.com · 2026-04-10

### Vulnerability Key Information Summary **Vulnerability Overview** This page describes a fix for the LXD backup import/export workflow. The core issue lies in the risk of "out-rule inconsistencies" …

bsv-sdk/wallet Certificate Signature Verification Bypass (CVSS 8.1)
github.com · 2026-04-10

### Vulnerability Overview A security vulnerability exists in the `acquire_certificate` method of **bsv-sdk** and **bsv-wallet**, allowing unverified certificate signatures to be persisted. * **Vulner…

LXD CVE-2026-3478 Project Restriction Bypass via Crafted Backup
github.com · 2026-04-10

# Vulnerability Summary: LXD Project Restriction Bypass ## 1. Vulnerability Overview * **Title**: Importing a crafted backup leads to project restriction bypass * **CVE ID**: CVE-2026-3478 * **CVSS v3…

libpng Use-after-free in png_set_PLTE, png_set_tRNS, png_set_hIST via getter/setter misuse
github.com · 2026-04-10

# Vulnerability Summary: Use-after-free in `png_set_PLTE`, `png_set_tRNS`, `png_set_hIST` ## Vulnerability Overview In the `libpng` library, a **Use-after-free (UAF)** vulnerability occurs when the po…

pyload WebUI JSON Endpoint Authorization Bypass (BOLA) in <=0.5.0b3
github.com · 2026-04-10

### Vulnerability Overview The permission checks executed at the WebUI JSON endpoints are weaker than those in the underlying core API methods they invoke. This allows authenticated low-privilege user…

web3.py SSRF via CCIP Read (CVE-2024-40772) Analysis and Fix
github.com · 2026-04-10

# Vulnerability Summary: web3.py SSRF via CCIP Read (EIP-3668) ## 1. Vulnerability Overview The `web3.py` library contains a Server-Side Request Forgery (SSRF) vulnerability in its implementation of t…

OpenSense LDAP Authentication Module: LDAP Injection Vulnerability and Fix
github.com · 2026-04-10

### Vulnerability Key Information Summary **Vulnerability Overview** An LDAP injection vulnerability exists within the OpenSense LDAP authentication module. The `searchUsers` method fails to escape us…

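The teaser above says the `searchUsers` method builds a search filter without escaping user input. As an added example (not the OpenSense code; the `uid`/`objectClass` filter template and the function names are assumptions), this shows the unsafe interpolation next to a filter built with RFC 4515 escaping, and a constructed payload that turns one `uid` assertion into two in the unsafe version:

```python
"""Added example (not code from the OpenSense project): building an LDAP search
filter from untrusted input, the unsafe way and the RFC 4515 way."""

# RFC 4515 section 3: these characters must be hex-escaped inside a filter
# assertion value. One pass over the string handles backslash together with
# the others, so already-escaped input is not double-escaped.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP filter assertion (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter_vulnerable(username: str) -> str:
    """Hypothetical searchUsers-style filter: raw string interpolation."""
    return f"(&(uid={username})(objectClass=person))"


def build_user_filter_hardened(username: str) -> str:
    """Same filter with the value escaped, so it stays a single assertion."""
    return f"(&(uid={escape_ldap_filter_value(username)})(objectClass=person))"


def assertion_count(ldap_filter: str) -> int:
    """Number of '(' characters; the template above yields 3 when intact."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    # Constructed attacker input: closes the uid assertion and injects a
    # wildcard assertion, which in the unsafe filter matches every person.
    payload = "*)(uid=*"
    print(build_user_filter_vulnerable(payload))
    print(build_user_filter_hardened(payload))
```

In a real code base the escaping should come from the LDAP client library rather than a hand-rolled table (for example, the `ldap3` package exposes `ldap3.utils.conv.escape_filter_chars`); the point of the table here is to make the transformation visible. Distinguished names use a different escaping rule (RFC 4514), so a value destined for a DN must not be passed through the filter escaper.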
LXD Certificate Type Bypass Privilege Escalation (PoC & Fix)
github.com · 2026-04-10

### Vulnerability Overview In LXD, a restricted TLS certificate user can escalate privileges by modifying the certificate type (from `client` to `server`), ultimately obtaining `cluster admin` permiss…

bsv-sdk/bsv-wallet Vulnerability Fixes: VarInt Corruption, Silent Broadcast Failure, Unverified Signature Persistence
github.com · 2026-04-10

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **F1.3 — VarInt_encode silent protocol corruption (HIGH):** The `VarInt.encode` method silently emits incorrect bytes (e.g., `…

LXD Restricted Project Privilege Escalation via AppArmor/QEMU Injection
github.com · 2026-04-10

### Vulnerability Overview This vulnerability exists in the `lxd/project/limits/permissions.go` file of the LXD container management platform. The function `isVMLowLevelOptionForbidden` fails to hardc…

Wasmtime Cranelift f64x2.splat DoS Vulnerability on x86-64
github.com · 2026-04-10

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Name**: Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on Cranelift x86-64 * **Vu…

Wasmtime 43.0.0 Use-after-free in wasmtime::Linker Clone
github.com · 2026-04-10

### Vulnerability Summary: Use-After-Free in `wasmtime::Linker` After Cloning **Vulnerability Overview** In `wasmtime` version 43.0.0, cloning a `wasmtime::Linker` object constitutes undefined behavio…

MapServer Security Advisory: CVE-2020-33721, CVE-2020-59431 and Fix Guidance
mapserver.org · 2026-04-10

### Vulnerability Summary **1. Vulnerability Overview** * **CVE-2020-33721**: A security flaw exists in the MapServer SLD (Styled Layer Descriptor) parser. * **CVE-2020-59431**: A security flaw exists…

OWASP: Information Exposure Through Query Strings in URL
owasp.org · 2026-04-10

# OWASP: Information Exposure Through Query Strings in URL ## Vulnerability Overview Information exposure occurs when sensitive data (such as usernames, passwords, tokens, database details, and other …

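The OWASP entry above describes secrets travelling in URL query strings, where proxies, web-server logs and browser history record them. As an added example (not from the OWASP page; the parameter-name list and the log lines are constructed), this scans Common Log Format access-log lines for sensitive query parameters and shows a redaction helper for log writers:

```python
"""Added example (not from the OWASP page): detecting and redacting sensitive
data carried in URL query strings, using constructed access-log lines."""
import re
from typing import Iterable, List, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed list of parameter names that should never appear in a query string.
SENSITIVE_PARAMS = {
    "password", "passwd", "pwd", "token", "access_token",
    "api_key", "apikey", "secret", "session", "sessionid", "jsessionid",
}

# Common Log Format request field: "METHOD TARGET HTTP/x.y".
_REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def sensitive_query_params(request_target: str) -> List[str]:
    """Names of sensitive parameters present in the target's query string."""
    query = urlsplit(request_target).query
    return [name for name, _ in parse_qsl(query, keep_blank_values=True)
            if name.lower() in SENSITIVE_PARAMS]


def scan_access_log(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """(line number, parameter name) for every sensitive parameter found."""
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(lines, 1):
        match = _REQUEST_RE.search(line)
        if not match:
            continue
        for name in sensitive_query_params(match.group("target")):
            findings.append((lineno, name))
    return findings


def redact_query(request_target: str) -> str:
    """Replace values of sensitive parameters before the target is logged."""
    parts = urlsplit(request_target)
    pairs = [(name, "REDACTED" if name.lower() in SENSITIVE_PARAMS else value)
             for name, value in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Apr/2026:12:00:01 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 302 0',
    '10.0.0.7 - - [10/Apr/2026:12:00:02 +0000] "GET /api/items?page=2 HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Apr/2026:12:00:03 +0000] "GET /reset?token=abc123&email=bob@example.com HTTP/1.1" 200 100',
    '10.0.0.9 - - [10/Apr/2026:12:00:04 +0000] "POST /api/login HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, name in scan_access_log(SAMPLE_LOG):
        print(f"line {lineno}: sensitive parameter '{name}' in query string")
    print(redact_query("/login?user=alice&password=hunter2"))
```

Redaction at the log sink only limits the damage; the fix the OWASP page calls for is to move such values out of the URL entirely (request body, Authorization header, or a cookie with the appropriate flags), since the Referer header and browser history are not under the server's control.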
CVE-2026-30478: Local Privilege Escalation via DLL Injection in MapServer for Windows (MS4W)
github.com · 2026-04-10

### Vulnerability Overview * **CVE ID:** CVE-2026-30478 * **Vulnerability Name:** Local Privilege Escalation for MapServer for Windows (MS4W) * **Vulnerability Type:** Insecure Permissions / Dynamic-l…

MapServer <8.0 RCE via DLL Injection (CVE-2026-30479) with POC
github.com · 2026-04-10

### Vulnerability Summary: CVE-2026-30479 **Vulnerability Overview** CVE-2026-30479 is a Dynamic-link Library (DLL) injection vulnerability present in the OSGeo Project MapServer. This vulnerability a…

SonicWall SMA1000 Multiple Vulnerabilities Advisory (CVE-2026-4112/4113/4114/4116)
psirt.global.sonicwall.com · 2026-04-10

### Vulnerability Overview **Advisory ID**: SMAUD-2026-0003 **Overall CVSS Score**: 7.2 **Affected Products**: SonicWall SMA1000 Series Devices This advisory concerns four primary vulnerabilities: 1. …

GnuTLS CVE-2026-1584 Remote DoS via NULL Pointer Dereference
bugzilla.redhat.com · 2026-04-10

# Vulnerability Summary: CVE-2026-1584 ## Vulnerability Overview * **CVE ID:** CVE-2026-1584 * **Vulnerability Type:** Remote Denial of Service * **Description:** A malicious TLS client can trigger a …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.