Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

WordPress File Upload Plugin Unauth File Read & RCE Analysis (CVE-2024-9939/CVE-2024-11635)
abrahack.com · 2026-04-09

### Vulnerability Overview This article details two critical security vulnerabilities in the WordPress File Upload plugin: 1. **CVE-2024-9939 (CVSS 7.5):** An unauthenticated arbitrary file read vulne…

ci4ms Post-Installation Re-entry via Cache-Dependent Install Guard Bypass
github.com · 2026-04-09

### Vulnerability Summary: Post-Installation Re-entry via Cache-Dependent Install Guard Bypass in ci4ms **Affected Versions**: ` lang('Install.databaseHost'), 'rules' => 'requi…

CVE-2024-10571: LFI Vulnerability in Chartify WordPress Plugin Analysis
abrahack.com · 2026-04-09

### Vulnerability Summary **1. Vulnerability Overview** * **CVE ID**: CVE-2024-10571 * **Vulnerability Type**: Local File Inclusion (LFI) * **CVSS Score**: 9.8 (Critical) * **Description**: This vulne…

Reflected XSS in Simply Schedule Appointments WordPress Plugin (CVE-2024-13431)
blog.lucianohanna.com.br · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **CVE ID:** CVE-2024-13431 * **Vulnerability Type:** Reflected Cross-Site Scripting (Reflected XSS) * **CVSS Score:** 6.1 (Med…

LobeHub Auth Bypass via XOR-obfuscated Header (GHSA-5m9j-5jsw-5c97) and Fix
github.com · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** This is an Authentication Bypass vulnerability. An attacker can bypass authentication by forging the `X-lobe-chat-auth` request he…

Hono SSG Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** The SSG (Static Site Generation) module of the Hono framework contains a Path Traversal vulnerability. Attackers can craft paths containing `../` t…

prisonagents Sandbox Escape via Exception Frame Traversal (CVSS 9.9)
github.com · 2026-04-09

### Vulnerability Overview The vulnerability exists in the `python_tools.py` file within the `prisonagents` package. In `execute_code()` when operating in `subprocess` mode (`sandbox_mode="sandbox"`),…

Saleor Cross-Account Email Change Authorization Bypass
github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** This is a business logic and authorization vulnerability (Cross-Account Email Change via Unbound Confirmation Token). In the account email change w…

honojs/hono IP restriction middleware bypass fix for IPv4-mapped IPv6
github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** This commit fixes a logic flaw in the `hono` project's `ip-restriction` middleware when handling **IPv4-mapped IPv6 addresses** (e.g., `::ffff:192.…
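The bypass class above is easy to reproduce outside Hono: a deny list that compares raw address strings never matches `::ffff:192.0.2.1` or its hex spelling `::ffff:c000:201` against the entry `192.0.2.1`, even though all three name the same host. The following is an added example, not code from the Hono project; `normalizeIp` folds IPv4-mapped IPv6 forms (RFC 4291 section 2.5.5.2) to dotted-quad before matching, and `DENY` and the sample addresses are constructed for the demo.

```javascript
// Added example (not from the Hono project): an IP deny list that compares raw
// strings misses IPv4-mapped IPv6 spellings of the same address. normalizeIp()
// folds those spellings to dotted-quad before matching. DENY and the sample
// inputs are constructed for the demo.

// True if s is a well-formed dotted-quad IPv4 address.
function isIPv4(s) {
  const parts = s.split('.');
  return parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

// Canonicalize a textual address for comparison:
// - trim, lower-case, drop surrounding brackets and a zone id (fe80::1%eth0)
// - IPv4-mapped IPv6 (RFC 4291 2.5.5.2), dotted or hex form, becomes plain IPv4
// Anything else (including the deprecated ::a.b.c.d "compatible" form) is
// returned as the cleaned-up string.
function normalizeIp(raw) {
  let ip = String(raw).trim().toLowerCase();
  if (ip.startsWith('[') && ip.endsWith(']')) ip = ip.slice(1, -1);
  const zone = ip.indexOf('%');
  if (zone !== -1) ip = ip.slice(0, zone);

  // Dotted form: ::ffff:192.0.2.1 or 0:0:0:0:0:ffff:192.0.2.1
  let m = ip.match(/^(?:::|(?:0{1,4}:){5})ffff:(\d{1,3}(?:\.\d{1,3}){3})$/);
  if (m && isIPv4(m[1])) return m[1];

  // Hex form: ::ffff:c000:201 -> 192.0.2.1
  m = ip.match(/^(?:::|(?:0{1,4}:){5})ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (m) {
    const hi = parseInt(m[1], 16);
    const lo = parseInt(m[2], 16);
    return [hi >> 8, hi & 0xff, lo >> 8, lo & 0xff].join('.');
  }
  return ip;
}

// Vulnerable pattern: raw-string comparison against the list.
function isDeniedNaive(ip, denyList) {
  return denyList.includes(ip);
}

// Hardened pattern: normalize both the client address and every list entry.
function isDeniedNormalized(ip, denyList) {
  const target = normalizeIp(ip);
  return denyList.some((entry) => normalizeIp(entry) === target);
}

const DENY = ['192.0.2.1', '2001:db8::bad']; // constructed deny list

// Walk-through: the same host reaches the server under three spellings.
// Only the first is caught by the naive check; all three by the normalized one.
function demo() {
  const spellings = ['192.0.2.1', '::ffff:192.0.2.1', '::ffff:c000:201'];
  return spellings.map((ip) => ({
    ip,
    naive: isDeniedNaive(ip, DENY),
    normalized: isDeniedNormalized(ip, DENY),
  }));
}
```

Whether a client can even present the mapped form depends on the listener: a dual-stack socket (`::` with `IPV6_V6ONLY` off) reports IPv4 peers as `::ffff:a.b.c.d`, and a proxy header can carry any spelling at all, so the normalization belongs at the comparison, not at the socket.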

LiquidJS Symlink Bypass Arbitrary File Read Vulnerability
github.com · 2026-04-09

### Vulnerability Overview The LiquidJS template engine performs root directory restriction checks only on the parsed path string when loading partials and layouts files, without resolving the actual …

LORIS document_repository Insecure Direct Object Reference Vulnerability and Patch Analysis
github.com · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** * **Vulnerability Name**: Incorrect access checks in document_repository * **Severity**: Moderate * **Description**: Although the f…

LORIS survey_accounts XSS Vulnerability (CVE-2020-35403) and Patch Analysis
github.com · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Title**: Potential cross-site scripting in survey_accounts module * **CVE ID**: CVE-2020-3540…

Stored XSS in Immich 360° Panoramic Viewer via OCR
github.com · 2026-04-09

# Vulnerability Summary: Stored XSS in 360° Panoramic Viewer via OCR ### Vulnerability Overview This is a Stored Cross-Site Scripting (Stored XSS) vulnerability. In the 360° Panoramic Viewer, when the…

OpenTelemetry Go SDK Race Condition and DoS Fixes
github.com · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Race Condition**: In the `go.opentelemetry.io/otel/sdk/metric` module, the `lastvalue` aggregation logic contains a race con…

LobeChat webapi Authentication Bypass via XOR-obfuscated Header Forgery
github.com · 2026-04-09

### Vulnerability Overview The authentication layer of `webapi` trusts the `X-lobe-chat-auth` header, which is controlled by the client. This header is only obfuscated using XOR with a hardcoded key a…

LORIS Publication Module SSRF via Untrusted baseURL Input
github.com · 2026-04-09

# Vulnerability Summary: Improper Trust of User Input in Publication Module ## Vulnerability Overview A security vulnerability exists within the publication module of the LORIS system. The system erro…

Vim NetBeans Integration Command Injection Vulnerability (CVE-2026-39881) Analysis
github.com · 2026-04-09

### Vulnerability Overview **Command Injection Vulnerability in Vim NetBeans Integration (CVE-2026-39881)** The NetBeans interface for Vim (`:help netbeans`) allows external editor servers to communic…

LORIS help_editor Reflected XSS Vulnerability and Patch
github.com · 2026-04-09

### Vulnerability Overview **Title**: Potential Cross-Site Scripting in help_editor Module **Description**: The help_editor module fails to properly sanitize certain user-su…

PrismaAI A2U Unauthenticated Information Disclosure (CVE-2026-34952)
github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** The A2U (Agent-to-User) event stream server in PrismaAI contains an unauthenticated vulnerability (CVE-2026-34952). This vulnerability allows attac…

NiceGUI File Upload Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-09

# Vulnerability Summary: NiceGUI File Upload Path Traversal Vulnerability ## 1. Vulnerability Overview On Windows, the file upload functionality in NiceGUI contains…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
