Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2023-2987: Wordapp WordPress Plugin Authentication Bypass via Weak Signature
lana.report · 2026-04-09

### Vulnerability Summary: Wordapp WordPress Plugin Insufficiently Unique Cryptographic Signature **1. Vulnerability Overview** The Wordapp WordPress plugin contains an "Insufficiently Unique Cryptogr…

WordPress System Dashboard Plugin Sensitive Data Exposure via Broken Access Control (CVE-2023-5711)
research.cleantalk.org · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** * **CVE ID:** CVE-2023-5711 * **Vulnerability Type:** Broken Logical Control / Sensitive Data Exposure * **Description:** A securit…

WordPress Business Directory Plugin CSV Injection Vulnerability (CVE-2023-5527) Analysis
research.cleantalk.org · 2026-04-09

### Vulnerability Overview * **CVE ID**: CVE-2023-5527 * **Vulnerability Name**: Business Directory Plugin – CSV Injection * **Vulnerability Type**: CSV Injection (also known as Formula Injection), cl…

WordPress System Dashboard Plugin Logic Vulnerability (CVE-2023-5713) with POC
research.cleantalk.org · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** * **CVE ID:** CVE-2023-5713 * **Vulnerability Name:** System Dashboard – Broken Logical Control to Mail Box Password Thief * **Seve…

WordPress Debug Log Manager CSRF Vulnerability (CVE-2023-5772)
research.cleantalk.org · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** * **CVE ID:** CVE-2023-5772 * **Vulnerability Type:** CSRF (Cross-Site Request Forgery) * **Affected Plugin:** Debug Log Manager * …

CVE-2023-5448: WP Register Profile With Shortcode CSRF to Password Reset
research.cleantalk.org · 2026-04-09

# CVE-2023-5448 – WP Register Profile With Shortcode – CSRF to Password Reset ## Vulnerability Overview This vulnerability exists in the **WP Register Profile With Shortcode** plugin and is of the **C…

WordPress Neon Text Plugin Stored XSS Vulnerability (CVE-2023-5817) with POC
research.cleantalk.org · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **CVE ID**: CVE-2023-5817 * **Affected Plugin**: Neon Text WordPress Plugin * **Affected Versions**: <= 1.1 * **Vulnerability …

CVE-2026-3585 The Events Calendar Authenticated LFI Vulnerability and POC
research.cleantalk.org · 2026-04-09

# CVE-2026-3585 Vulnerability Summary ## Vulnerability Overview * **CVE ID**: CVE-2026-3585 * **Vulnerability Name**: The Events Calendar – LFI Author+ * **Vulnerability Type**: Authenticated Local Fi…

Unauthenticated Stored XSS in WooCommerce Checkout Field Editor Plugin (CVE-2026-3231)
research.cleantalk.org · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** * **CVE ID:** CVE-2026-3231 * **Vulnerability Type:** Unauthenticated Stored XSS * **Affected Plugin:** Checkout Field Editor (Chec…

CVE-2026-3098: Smart Slider 3 LFI Vulnerability for Low-Privilege Users
research.cleantalk.org · 2026-04-09

# CVE-2026-3098 - Smart Slider 3 - LFI (Subscriber+) ## Vulnerability Overview This vulnerability affects the Smart Slider 3 plugin, allowing authenticated low-privilege users (such as Subscribers) to…

WooPayments Unauthenticated Cache Poisoning/DoS via AJAX (CVE-2026-1710)
research.cleantalk.org · 2026-04-09

# Vulnerability Summary: CVE-2026-1710 ## Vulnerability Overview * **CVE ID:** CVE-2026-1710 * **Vulnerability Name:** WooPayments – Unauthenticated Checkout UI Cache Poisoning/DOS via Public save_upe…

CVE-2026-5762: MediaWiki ReportIncident Integration Causes Request Timeouts on Large Pages
phabricator.wikimedia.org · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** * **CVE ID:** CVE-2026-5762 * **Title:** ReportIncident DiscussionTools integration causes slow requests with occasional timeouts on large talk pag…

CoolerControl CVE-2023-35943 Authentication Bypass Vulnerability Analysis and Fix
gitlab.com · 2026-04-08

### Summary of Key Vulnerability Information **Vulnerability Overview** The screenshot displays the code repository interface for the **CoolerControl** project. CoolerControl contains a well-known aut…

fast-jwt cacheKeyBuilder Cache Confusion leading to Auth Bypass and Fix
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** This vulnerability involves a **Cache Confusion** risk within the `fast-jwt` library's `cacheKeyBuilder` option. When a user defines a custom `cach…

ICONICS Suite Vulnerability Advisory: CVE-2025-14015/14016 Auth Bypass & Data Tampering
www.mitsubishielectric.com · 2026-04-08

# Multiple Information Disclosure, Tampering, and Denial of Service Vulnerability Advisory ## Vulnerability Overview This advisory concerns multiple security vulnerabilities in **GENESIS64, ICONICS Su…

Mitsubishi Electric GENESIS64/ICONICS Suite Cleartext Credential Storage Vulnerabilities (CVE-2025-14815/14816)
www.cisa.gov · 2026-04-08

# Mitsubishi Electric GENESIS64 and ICONICS Suite Vulnerability Summary ## Vulnerability Overview Successful exploitation of these vulnerabilities may allow a local attacker to disclose SQL Server cre…

Mitsubishi Electric Multiple Products Plaintext Storage Vulnerabilities (CVE-2025-14815/14816)
jvn.jp · 2026-04-08

### Vulnerability Overview This webpage describes security vulnerabilities affecting multiple Mitsubishi Electric products, primarily concerning the plaintext storage of se…

Movable Type Listing Framework RCE and SQL Injection Vulnerabilities (CVE-2026-25776/CVE-2026-33088)
www.sixapart.jp · 2026-04-08

### Vulnerability Overview This advisory concerns two security vulnerabilities in the **Listing Framework** of the Movable Type content management system, which manages the backend `mt.cgi` and Data A…

Movable Type Code Injection & SQL Injection Vulnerabilities (CVE-2026-25776/CVE-2026-33088)
jvn.jp · 2026-04-08

# JVN#66473735 Movable Type Multiple Vulnerabilities Summary ## Vulnerability Overview The Movable Type content management system provided by Six Apart Ltd. contains multiple security vulnerabilities,…

Go Security Update: RootChmod Symlink Traversal, XSS in Templates, and crypto/x509 Wildcard Fix
groups.google.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** Go versions 1.26.2 and 1.25.9 have been released, containing 10 security fixes. These primarily address RootChmod symlink traversal, HTML/Template …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
