Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Wago WBM OpenVPN Arbitrary Command Execution Vulnerability (CVE-2024-1490)
certvde.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability ID:** VDE-2024-008 / CVE-2024-1490 * **Description:** A security vulnerability exists in the Web-based Management (WBM) functiona…

Axios SSRF Vulnerability: no_proxy Bypass via Hostname Normalization Flaw
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** A Server-Side Request Forgery (SSRF) vulnerability exists in the Axios library. This vulnerability stems from a flaw in the hostname normalization …

WAGO OpenVPN Privilege Escalation RCE (CVE-2024-008) Advisory
wago.csaf-tp.certvde.com · 2026-04-10

### Vulnerability Summary: CVE-2024-008 **Vulnerability Overview** * **CVE ID**: CVE-2024-008 * **Severity**: High * **Description**: A security vulnerability exists in the Web-Based Management (WBM) …

LimeSurvey Authenticated Stored XSS Vulnerability (CWE-79)
gist.github.com · 2026-04-10

### Key Vulnerability Summary **Vulnerability Overview** * **Vulnerability Name**: Authenticated Stored Cross-Site Scripting (SXSS) * **Vulnerability Type**: Injection * **CWE**: CWE-79 (Improper Neut…

phpBB ACP CSRF Vulnerability (CVE-2025-70811) with POC
github.com · 2026-04-10

### Vulnerability Overview * **CVE ID:** CVE-2025-70811 * **Vulnerability Name:** ACP CSRF (Admin Control Panel Cross-Site Request Forgery) * **Description:** The Admin Control Panel (ACP) module (`ad…

phpBB 3.3.15 Login CSRF Vulnerability (CVE-2025-70810) with PoC
gist.github.com · 2026-04-10

### Vulnerability Summary: CVE-2025-70810 **1. Vulnerability Overview** * **CVE ID:** CVE-2025-70810 * **Vulnerability Type:** Cross-Site Request Forgery (CSRF) * **Affected Version:** phpBB 3.3.15 * …

Apache Airflow JWT Token Not Invalidated on Logout Fix
github.com · 2026-04-10

### Vulnerability Key Information Summary **Vulnerability Overview** When a user performs a logout operation in Apache Airflow, the existing JWT token mechanism fails to invalidate the token immediate…

CVE-2025-14551 Vulnerability Fix: Prevent Logging of Sensitive Identity and Network Secrets
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** * **CVE ID**: CVE-2025-14551 * **Title**: Stop logging identity data and network secrets * **Descr…

MLflow Stored XSS via YAML Deserialization and Authorization Bypass
afine.com · 2026-04-10

### Vulnerability Overview This webpage reveals two critical security vulnerabilities within the MLflow platform: 1. **Stored XSS (via YAML Deserialization)**: * The MLflow frontend uses the insecure …

ChurchCRM SQL Injection Vulnerability Analysis with PoC and Fix
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** SQL injection vulnerabilities were discovered in the following three files within ChurchCRM: * `GroupPropsFormRowOps.php` * `PersonCustomFieldsRowO…

Fast-DDS Integer Overflow Remote DoS Vulnerability Analysis
github.com · 2026-04-10

### Vulnerability Overview This is a remote denial-of-service (DoS) vulnerability located within **Fast-DDS**. * **Trigger Condition**: Occurs when **DDS Security** mode is enabled. * **Attack Vector*…

Kibana SSRF Vulnerability (CVE-2026-33458) Advisory and Mitigation
discuss.elastic.co · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** * **Name:** Server-Side Request Forgery (SSRF) in Kibana One Workflow * **Type:** CWE-918 - Server…

Kibana Fleet Authorization Bypass Vulnerability (CVE-2026-33461) Information Disclosure
discuss.elastic.co · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** An improper authorization vulnerability (CWE-863) exists in Kibana Fleet, potentially leading to information disclosure (CAPEC-122)…

ElementsKit Elementor Addons <=3.7.9 Stored XSS via Simple Tab Widget
www.wordfence.com · 2026-04-09

### Key Vulnerability Summary **1. Vulnerability Overview** * **Vulnerability Name:** ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

CVE-2026-33466: Logstash Arbitrary File Write and RCE via GeoIP Downloader
discuss.elastic.co · 2026-04-09

### Key Vulnerability Summary **1. Vulnerability Overview** * **Vulnerability Name:** Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write …

The Plus Addons for Elementor <=6.4.9 Authenticated Stored XSS (CVE-2025-2385)
www.wordfence.com · 2026-04-09

### Key Vulnerability Summary **1. Vulnerability Overview** * **Vulnerability Name:** The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.9 - A…

WordPress Attendance Manager Authenticated SQL Injection via 'attmgr_off
www.wordfence.com · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Name:** Attendance Manager <= 0.6.2 - Authenticated (Subscriber+) SQL Injection via 'attmgr_off' Parameter * *…

Awesome Support <=6.3.7 IDOR Vulnerability and Historical CVEs Summary
www.wordfence.com · 2026-04-09

### Vulnerability Key Information Summary #### 1. Vulnerability Overview * **Primary Vulnerability Title:** Awesome Support <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to U…

WordPress Elementor Plugin Multiple Vulnerabilities Summary (CVE-2025/2024)
www.wordfence.com · 2026-04-09

### Key Vulnerability Summary **Vulnerability Overview** This page discloses multiple security vulnerabilities in the WordPress plugin **Elementor Website Builder**. The primary risks include: * **Sto…

Simple Laundry System V1.0 Time-based Blind SQL Injection in /userchecklogin.php
github.com · 2026-04-09

# Vulnerability Summary ## Vulnerability Overview A critical **SQL injection** vulnerability was discovered in the `/userchecklogin.php` file of the **Simple Laundry System Project V1.0**. - **Vulnera…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.