Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Powerjob Pre-Auth RCE via Groovy Script Injection Analysis
github.com · 2026-04-08

### Vulnerability Summary: Unauthorized Remote Code Execution (Groovy Script Injection) **1. Vulnerability Overview** * **Vulnerability Type:** Pre-Auth Remote Code Execution (RCE). * **Severity:** Cr…

Powerjob v5.1.x Pre-Auth RCE via H2 SQL Injection in customQuery
github.com · 2026-04-08

### Vulnerability Overview * **Title**: Unauthenticated Remote Code Execution: H2 SQL Injection in `customQuery` Parameter (#1167) * **Vulnerability Type**: Pre-Auth Remote Code Execution (RCE) * **Se…

docker-mcp-server Command Injection Vulnerability Analysis
github.com · 2026-04-08

# Vulnerability Summary: docker-mcp-server Command Injection Vulnerability ## 1. Vulnerability Overview * **Vulnerability Type**: Command Injection (CWE-78). * **Affected Product**: `docker-mcp-server…

OpenSSL CMS NULL Deref Vulnerability (CVE-2020-19389) Analysis and Fix
github.com · 2026-04-08

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Name:** NULL dereference in CMS EnvelopedData processing (`[ec]cms_set_shared_info`). * **CVE ID:** CVE-2020-1…

PowerJob /instance/detailPlus Unauth Access & SQLi via H2 RUNSCRIPT
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** The `/instance/detailPlus` interface in PowerJob contains two critical security flaws: 1. **Unauthorized Access**: The `getInstanceDetailPlus` meth…

DNS Cache Poisoning in Dual DHCP DNS Server (CVE-2025-71058) Analysis
github.com · 2026-04-08

# Security Advisory Summary: Dual DHCP DNS Server DNS Cache Poisoning Vulnerability ## 1. Vulnerability Overview * **Vulnerability Name:** DNS Cache Poisoning in Dual DHCP DNS Server (Dual DHCP DNS Se…

docker-mcp-server Command Injection Vulnerability Analysis
github.com · 2026-04-08

# Vulnerability Summary: docker-mcp-server Command Injection Vulnerability ## 1. Vulnerability Overview A command injection vulnerability (CWE-78) has been identified in the `src/index.ts` component o…

CVE-2025-69515: Static GPS Spoofing Vulnerability in JXl Infotainment System
github.com · 2026-04-08

# CVE-2025-69515 Vulnerability Summary ## Vulnerability Overview * **Vulnerability ID**: CVE-2025-69515 * **Attack Name**: Static GPS Spoofing on JXl Infotainment (JXl Infotainment System Static GPS S…

OpenAM Deserialization Bypass of CVE-2021-35464 Leading to RCE
github.com · 2026-04-08

### Vulnerability Summary: OpenAM Deserialization Remote Code Execution **Vulnerability Overview** OpenAM 16.0.5 (and earlier versions) contains a deserialization vulnerability (a variant/bypass of CV…

OS Command Injection in survarchal docker-mcp-server (CVE-2026-5741)
vuldb.com · 2026-04-08

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Type**: OS Command Injection. * **Description**: The HTTP interface component file `src/index.ts` within `surv…

PowerJob InstanceController SQL Injection Vulnerability (CVE-2026-5736)
vuldb.com · 2026-04-08

### Vulnerability Overview * **Vulnerability Name**: PowerJob detailPlus Endpoint InstanceController.java customQuery SQL Injection * **CVE ID**: CVE-2026-5736 * **Vulnerability Type**: SQL Injection …

Command Injection in docker-mcp-server 0.1.0 via unsanitized input
vuldb.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** A command injection vulnerability exists in `docker-mcp-server` version 0.1.0. An attacker can exploit this by providing malicious container names …

GenieACS CVE-2025-56015 Sandbox Escape and Unauthenticated RCE Analysis
github.com · 2026-04-08

### CVE-2025-56015 GenieACS RCE Vulnerability Summary #### 1. Vulnerability Overview * **Vulnerability Name**: CVE-2025-56015 * **Vulnerability Type**: Critical Sandbox Escape and Code Injection * **D…

SGLang Pickle Deserialization RCE (CVE-2026-3989/3990) and Fix Analysis
github.com · 2026-04-08

### Vulnerability Overview The SGLang project contains a critical security vulnerability (CVSS 9.8) stemming from deserialization operations performed by the `pickle.loads()` and `recv_pyobj()` functi…

LibRaw CVE-2026-24660 Heap Buffer Overflow in x3f_load_huffman
talosintelligence.com · 2026-04-08

# Talos Vulnerability Summary ## Vulnerability Overview * **CVE ID:** CVE-2026-24660 * **Vulnerability Name:** LibRaw x3f_load_huffman heap-based buffer overflow vulnerability (LibRaw x3f_load_huffman…

TALOS-2026-2363: LibRaw Integer Overflow Leading to Heap Buffer Overflow (CVE-2026-24450)
talosintelligence.com · 2026-04-08

# Talos Vulnerability Report Summary (TALOS-2026-2363) ## Vulnerability Overview * **CVE ID**: CVE-2026-24450 * **Vulnerability Name**: LibRaw uncompressed_fp_dng_load_raw integer overflow vulnerabili…

openharness Improper Access Control Vulnerability: Path Parameter Mismatch Bypass
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** This is a security-sensitive improper access control vulnerability. * **Root Cause**: A parameter name mismatch exists within the permission bounda…

OpenHarness Path Resolution Bypass Allows File Access Control Evasion
github.com · 2026-04-08

### Vulnerability Key Information Summary **1. Vulnerability Overview** The OpenHarness engine contains a **Path Resolution Bypass** vulnerability during the file access permission check process. In t…

Windfall Vulnerability Chain in Windmill/Nextcloud Flow (CVE-2026-29059/23696/22683) with POC
github.com · 2026-04-08

# Windfall Vulnerability Summary ## Vulnerability Overview **Windfall** is a critical exploitation chain targeting Windmill and Nextcloud Flow, comprising the following three key CVEs: * **CVE-2026-29…

Windmill operator privilege escalation fix: RBAC bypass in app/flow/script APIs
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** This is a security vulnerability caused by insufficient access control. In the Windmill platform, the `operator` role was erroneously granted permi…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
