Security Intel Hub 23513+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

WordPress Neon Text Plugin Stored XSS Vulnerability (CVE-2023-5817) with POC
research.cleantalk.org · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **CVE ID**: CVE-2023-5817 * **Affected Plugin**: Neon Text WordPress Plugin * **Affected Versions**: <= 1.1 * **Vulnerability …

CVE-2026-3585 The Events Calendar Authenticated LFI Vulnerability and POC
research.cleantalk.org · 2026-04-09

# CVE-2026-3585 Vulnerability Summary ## Vulnerability Overview * **CVE ID**: CVE-2026-3585 * **Vulnerability Name**: The Events Calendar – LFI Author+ * **Vulnerability Type**: Authenticated Local Fi…

Unauthenticated Stored XSS in WooCommerce Checkout Field Editor Plugin (CVE-2026-3231)
research.cleantalk.org · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** * **CVE ID:** CVE-2026-3231 * **Vulnerability Type:** Unauthenticated Stored XSS * **Affected Plugin:** Checkout Field Editor (Chec…

CVE-2026-3098: Smart Slider 3 LFI Vulnerability for Low-Privilege Users
research.cleantalk.org · 2026-04-09

# CVE-2026-3098 - Smart Slider 3 - LFI (Subscriber+) ## Vulnerability Overview This vulnerability affects the Smart Slider 3 plugin, allowing authenticated low-privilege users (such as Subscribers) to…

WooPayments Unauthenticated Cache Poisoning/DoS via AJAX (CVE-2026-1710)
research.cleantalk.org · 2026-04-09

# Vulnerability Summary: CVE-2026-1710 ## Vulnerability Overview * **CVE ID:** CVE-2026-1710 * **Vulnerability Name:** WooPayments – Unauthenticated Checkout UI Cache Poisoning/DOS via Public save_upe…

CVE-2026-5762: MediaWiki ReportIncident Integration Causes Request Timeouts on Large Pages
phabricator.wikimedia.org · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** * **CVE ID:** CVE-2026-5762 * **Title:** ReportIncident DiscussionTools integration causes slow requests with occasional timeouts on large talk pag…

CoolerControl CVE-2023-35943 Authentication Bypass Vulnerability Analysis and Fix
gitlab.com · 2026-04-08

### Summary of Key Vulnerability Information **Vulnerability Overview** The screenshot displays the code repository interface for the **CoolerControl** project. CoolerControl contains a well-known aut…

fast-jwt cacheKeyBuilder Cache Confusion leading to Auth Bypass and Fix
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** This vulnerability involves a **Cache Confusion** risk within the `fast-jwt` library's `cacheKeyBuilder` option. When a user defines a custom `cach…

ICONICS Suite Vulnerability Advisory: CVE-2025-14015/14016 Auth Bypass & Data Tampering
www.mitsubishielectric.com · 2026-04-08

# Multiple Information Disclosure, Tampering, and Denial of Service Vulnerability Advisory ## Vulnerability Overview This advisory concerns multiple security vulnerabilities in **GENESIS64, ICONICS Su…

Mitsubishi Electric GENESIS64/ICONICS Suite Cleartext Credential Storage Vulnerabilities (CVE-2025-14815/14816)
www.cisa.gov · 2026-04-08

# Mitsubishi Electric GENESIS64 and ICONICS Suite Vulnerability Summary ## Vulnerability Overview Successful exploitation of these vulnerabilities may allow a local attacker to disclose SQL Server cre…

Mitsubishi Electric Multiple Products Plaintext Storage Vulnerabilities (CVE-2025-14815/14816)
jvn.jp · 2026-04-08

### Vulnerability Overview This webpage describes security vulnerabilities affecting multiple products under Mitsubishi Electric, primarily concerning the plaintext storage of se…

Movable Type Listing Framework RCE and SQL Injection Vulnerabilities (CVE-2026-25776/CVE-2026-33088)
www.sixapart.jp · 2026-04-08

### Vulnerability Overview This advisory concerns two security vulnerabilities in the **Listing Framework** of the Movable Type content management system, which manages the backend `mt.cgi` and Data A…

Movable Type Code Injection & SQL Injection Vulnerabilities (CVE-2026-25776/CVE-2026-33088)
jvn.jp · 2026-04-08

# JVN#66473735 Movable Type Multiple Vulnerabilities Summary ## Vulnerability Overview The Movable Type content management system provided by Six Apart Ltd. contains multiple security vulnerabilities,…

Go Security Update: RootChmod Symlink Traversal, XSS in Templates, and crypto/x509 Wildcard Fix
groups.google.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** Go versions 1.26.2 and 1.25.9 have been released, containing 10 security fixes. These primarily address RootChmod symlink traversal, HTML/Template …

Go Root.Chmod Symlink Race Condition Vulnerability (CVE-2026-32282) Fix
go.dev · 2026-04-08

### Vulnerability Key Information Summary **Vulnerability Overview** On Linux systems, when the target of `Root.Chmod` is replaced with a symbolic link while the `chmod` operation is in progress, `Chm…

Go archive/tar Old GNU Sparse Format DoS Vulnerability (CVE-2024-32288) Fix Analysis
go.dev · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** This vulnerability (CVE-2024-32288) exists in the `archive/tar` package of the Go standard library. When parsing tar files in the old GNU sparse fo…

Go crypto/x509 Certificate Verification Quadratic Complexity DoS (CVE-2026-32281)
go.dev · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** In Go 1.26.1 and earlier versions, the `Certificate.Verify` function within the `crypto/x509` package exhibits a quadratic complexity performance f…

Go crypto/tls TLS 1.3 Key Update Deadlock DoS (CVE-2026-32283)
go.dev · 2026-04-08

### Vulnerability Overview In the TLS 1.3 protocol, if one party of a TLS connection sends multiple post-handshake key update messages within a single record, it results in a connection deadlock. This…

Go crypto/x509 CVE-2026-32280 DoS Vulnerability and Fix Analysis
go.dev · 2026-04-08

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **CVE ID**: CVE-2026-32280 * **Vulnerability Type**: Denial of Service (DoS) / Resource Exhaustion * **Description**: The `Cer…

CVE-2026-1163: Insufficient Session Expiration Allows Session Persistence After Password Reset
huntr.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** * **CVE ID:** CVE-2026-1163 * **Vulnerability Type:** CWE-613: Insufficient Session Expiration * **Description:** The application allows attackers …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
