Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Go Root.Chmod Symlink Race Condition Vulnerability (CVE-2026-32282) Fix
go.dev · 2026-04-08

### Vulnerability Key Information Summary **Vulnerability Overview** On Linux systems, when the target of `Root.Chmod` is replaced with a symbolic link while the `chmod` operation is in progress, `Chm…

Go archive/tar Old GNU Sparse Format DoS Vulnerability (CVE-2024-32288) Fix Analysis
go.dev · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** This vulnerability (CVE-2024-32288) exists in the `archive/tar` package of the Go standard library. When parsing tar files in the old GNU sparse fo…

Go crypto/x509 Certificate Verification Quadratic Complexity DoS (CVE-2026-32281)
go.dev · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** In Go 1.26.1 and earlier versions, the `Certificate.Verify` function within the `crypto/x509` package exhibits a quadratic complexity performance f…

Go crypto/tls TLS 1.3 Key Update Deadlock DoS (CVE-2026-32283)
go.dev · 2026-04-08

### Vulnerability Overview In the TLS 1.3 protocol, if one party of a TLS connection sends multiple post-handshake key update messages within a single record, it results in a connection deadlock. This…

Go crypto/x509 CVE-2026-32280 DoS Vulnerability and Fix Analysis
go.dev · 2026-04-08

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **CVE ID**: CVE-2026-32280 * **Vulnerability Type**: Denial of Service (DoS) / Resource Exhaustion * **Description**: The `Cer…

CVE-2026-1163: Insufficient Session Expiration Allows Session Persistence After Password Reset
huntr.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** * **CVE ID:** CVE-2026-1163 * **Vulnerability Type:** CWE-613: Insufficient Session Expiration * **Description:** The application allows attackers …

CVE-2025-15604: Amon2 Perl Framework Insecure Random String Implementation
www.cve.org · 2026-04-08

### Vulnerability Summary: CVE-2025-15604 **1. Vulnerability Overview** * **CVE ID**: CVE-2025-15604 * **Title**: Amon2 versions prior to 6.17 for Perl use an insecure `random_string` implementation f…

CVE-2026-39936: Stored XSS in MediaWiki Score Extension with POC
phabricator.wikimedia.org · 2026-04-08

# CVE-2026-39936: Summary of Stored XSS Vulnerability in Score Extension ## Vulnerability Overview * **Vulnerability Name:** CVE-2026-39936: Stored XSS in Score due to usage of non-reserved data attri…

MediaWiki CampaignEvents Extension XSS Vulnerability (CVE-2026-39934) and Fix
phabricator.wikimedia.org · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** * **CVE ID:** CVE-2026-39934 * **Vulnerability Name:** XSS via i18n in localized wiki names on the contributions tab of Special:EventDetails * **Vu…

Firecracker v1.15.1 Vulnerability Fixes: DoS and Memory Safety
github.com · 2026-04-08

# Firecracker v1.15.1 Vulnerability Fix Summary ## 1. Vulnerability #8762: Virtio-ring Memory Over-allocation * **Overview**: Previously, a Guest could construct a descriptor chain causing Firecracker…

Firecracker v1.14.4 Vulnerability Fixes: Memory Overflow, DoS, Clock Jump
github.com · 2026-04-08

### Firecracker v1.14.4 Vulnerability Remediation Summary #### 1. Vulnerability Overview This update addresses multiple critical vulnerabilities primarily involving memory management, device initializ…

NI LabVIEW .lvlib Out-of-Bounds Write Memory Corruption Vulnerability (CVE-2026-32860)
www.ni.com · 2026-04-08

### Vulnerability Overview * **Vulnerability Name**: LV Project Library File Parsing Memory Corruption Vulnerability in NI LabVIEW * **CVE ID**: CVE-2026-32860 * **CVSS Score**: 7.8 (CVSS:3.1) / 8.5 (…

payload-puck Access Control Bypass Vulnerability and Fix Analysis
github.com · 2026-04-08

# Vulnerability Summary ## Vulnerability Overview This is an **Access Control Bypass** vulnerability. In the `/api/puck` endpoint of the `payload-puck` project, the existing endpoint handlers, when in…

Payload CMS Puck Plugin Access Control Bypass via overrideAccess
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** A security vulnerability exists in the Puck plugin for Payload CMS. Under default configuration, the endpoint handler invokes the Payload local API…

CVE-2024-30352: Command Injection in GitHub Actions Reusable Workflow
github.com · 2026-04-08

### Vulnerability Summary: Command Injection in Reusable Workflow via Unsanitized comment-body Output **Vulnerability Overview** This is a Critical severity security vulnerability (CVE-2024-30352) occ…

OpenObserve SSRF Vulnerability Fix: IP Validation Logic Analysis
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** A flaw exists in OpenObserve's URL validation logic, which fails to effectively block access to private IP addresses and loopback addresses. Attack…

fastfeedparser Infinite Redirect Loop DoS via meta-refresh
github.com · 2026-04-08

# Vulnerability Summary: Infinite Redirect Loop DoS via Meta-Refresh Chain ### Vulnerability Overview The `parse()` function in the `fastfeedparser` library recursively calls itself to handle redirect…

mise .mise.toml Trust Check Bypass Vulnerability (CVE-2026-3533)
github.com · 2026-04-08

### Vulnerability Overview The `mise` tool contains a trust bypass vulnerability when loading local project `.mise.toml` configuration files. An attacker can place a malicious `.mise.toml` file within…

MediaWiki Growth Extension Infinite Loop Vulnerability Analysis
phabricator.wikimedia.org · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** In the MediaWiki `Growth` extension, the `ReassignMenteesJob` (Reassign Mentees Job) enters an **infinite loop** when processing mentors who have "…

Scoold Authenticated Arbitrary Question Overwrite Vulnerability
github.com · 2026-04-08

### Vulnerability Overview An Authenticated Arbitrary Question Overwrite vulnerability exists in Scoold (com.erudika:scoold). This vulnerability allows any authenticated low-privilege user to overwrit…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
