Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Authenticated RCE in Flowise CSVAgent via Code Injection
github.com · 2026-04-24

# Code Injection in CSVAgent leads to Authenticated RCE ## Vulnerability Overview This vulnerability exists in `CSVAgent`, allowing an attacker to achieve remote code execution (RCE) on the server by …

FlowiseAI DocumentStore Mass Assignment Leading to IDOR Object Takeover
github.com · 2026-04-24

# Vulnerability Summary: Mass Assignment in DocumentStore Creation Endpoint Leads to Cross-Workspace Object Takeover (IDOR) ## Vulnerability Overview There is a Mass Assignment vulnerability in the `D…

FlowiseAI Unauthenticated TTS Endpoint Credential Abuse
github.com · 2026-04-24

# Vulnerability Summary: FlowiseAI Unauthorized TTS Endpoint Credential Abuse ## Overview The text-to-speech (TTS) generation endpoint (`POST /api/v1/text-to-speech/generate`) of FlowiseAI has an unau…

Mako CVE-2026-41205 Path Traversal in TemplateLookup via Double-Slash URI
github.com · 2026-04-24

# Vulnerability Overview **Vulnerability Name**: Path traversal via double-slash URI prefix in TemplateLookup **CVE ID**: CVE-2026-41205 **Severity**: Moderate **Affected Versions**: Mako <= 1.3.10 **…

Contour CVE-2024-41246 Lua Code Injection Vulnerability Advisory
github.com · 2026-04-24

# Lua Code Injection Vulnerability (CVE-2024-41246) ## Vulnerability Overview Contour’s cookie rewrite feature contains a Lua code injection vulnerability. An attacker with RBAC permissions to create …

CVE-2026-41246: Contour Cookie Rewriting Lua Code Injection Vulnerability
github.com · 2026-04-24

### Vulnerability Overview - **Vulnerability Name**: CVE-2026-41246 - **Vulnerability Type**: Lua Code Injection Vulnerability - **Affected Feature**: Cookie Rewriting feature of Contour ### Impact Sc…

Fix for Unrestricted Response Body Size in OpenTelemetry.Sampler.AWS
github.com · 2026-04-24

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves no restriction on the size of the response body when reading AWS X-Ray sampling rules, which may lead to unexpectedly larg…

Unbounded HTTP Response Body Read in OpenTelemetry.Sampler.AWS and OpenTelemetry.Resources.AWS
github.com · 2026-04-24

### Vulnerability Overview **Vulnerability Name**: Unbounded HTTP response body read in OpenTelemetry.Sampler.AWS and OpenTelemetry.Resources.AWS **Vulnerability Description**: - **OpenTelemetry.Sampl…

OpenTelemetry Propagator Memory Allocation DoS Vulnerability
github.com · 2026-04-24

# Vulnerability Overview **Title**: Excessive Memory Allocation When Parsing OpenTelemetry Propagation Headers **Description**: The implementations for handling baggage, B3, and Jaeger propagation hea…

ToTOLINK A3300R cstecgi.cgi Command Injection Vulnerability (CVE-2026-31162) with PoC
github.com · 2026-04-24

# ToTOLINK A3300R Command Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: ToTOLINK A3300R Command Injection Vulnerability * **CVE ID**: CVE-2026-31162 * **Vulnerabi…

OpenTelemetry OTLP Exporter Response Body Size Limit Fix
github.com · 2026-04-24

### Vulnerability Overview - **Vulnerability Title**: [OTLP] Limit response body size read by exporters #7017 - **Vulnerability Description**: This vulnerability involves limiting the size of HTTP res…

ToTolink A3300R Command Injection in cstecgi.cgi (CVE-2026-31167) with PoC
github.com · 2026-04-24

# ToTolink A3300R Command Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: ToTolink A3300R Command Injection Vulnerability (CVE-2026-31167) * **Vulnerability Type**:…

Tenable Nessus Arbitrary File Deletion Vulnerability (CVE-2026-33894)
tenable.com · 2026-04-24

# Tenable Nessus Arbitrary File Deletion Vulnerability Summary ## Vulnerability Overview - **CVE ID**: CVE-2026-33894 - **Risk Level**: High - **CVSSv3 Score**: 8.2 / 7.4 - **CVSSv4 Score**: 7.4 - **V…

Tenable Nessus Agent Arbitrary File Deletion via Symbolic Link (CVE-2026-33694)
tenable.com · 2026-04-24

# [R1] Nessus Agent Version 11.1.3 Fixes Arbitrary File Deletion ## Vulnerability Overview A vulnerability was discovered in Nessus Agent on Windows that allows an attacker to create symbolic links (j…

ToTolink A3300R Command Injection in cstecgi.cgi (CVE-2026-31169) with PoC
github.com · 2026-04-24

# ToTolink A3300R Command Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: ToTolink A3300R Command Injection Vulnerability * **CVE ID**: CVE-2026-31169 * **Vulnerabi…

OpenTelemetry Jaeger Exporter CVE-2024-41078 Memory Exhaustion DoS Vulnerability
github.com · 2026-04-24

# Vulnerability Summary ## Overview - **Title**: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path - **CVE ID**: CVE-2024-41078 - **CVSS v3 Base Score**: …

node-oauth2-server PKCE code_verifier Validation Bypass Allows Brute Force
github.com · 2026-04-24

# PKCE code_verifier ABNF Not Enforced Allows Authorization Code Brute Force ## Vulnerability Overview In the OAuth 2.0 PKCE (RFC 7636) flow, the `node-oauth2-server` library’s token exchange endpoint…

ToTolink A3300R Command Injection in cstecgi.cgi (CVE-2026-31173) with PoC
github.com · 2026-04-24

# ToTolink A3300R Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Command Injection - **CVE ID**: CVE-2026-31173 - **Trigger Point**: `cstecgi.cgi` script - **Principle**: Th…

ToTolink A3300r Command Injection in cstextcgi.cgi (CVE-2026-31166)
github.com · 2026-04-24

# ToTolink A3300r Command Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: ToTolink A3300r Command Injection Vulnerability * **CVE ID**: CVE-2026-31166 * **Vulnerabi…

ToTolink A3300r cstecgi.cgi Command Injection Vulnerability (CVE-2026-31163) with PoC
github.com · 2026-04-24

# ToTolink A3300r Vulnerability Summary ## Vulnerability Overview * **Vulnerability Type**: Command Injection * **CVE ID**: CVE-2026-31163 * **Affected Component**: `cstecgi.cgi` * **Vulnerability Pri…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.