Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

ChurchCRM SQL Injection in GroupPropsFormRowOps.php
github.com · 2026-04-08

### Vulnerability Overview * **Title**: DDL SQL Injection in GroupPropsFormRowOps.php * **Description**: The `GroupPropsFormRowOps.php` file contains a SQL injection vulnerability. The user-supplied `…

ChurchCRM SQL Injection Vulnerability (CVSS 8.8) with POC
github.com · 2026-04-08

### Vulnerability Summary **1. Vulnerability Overview** A SQL injection vulnerability exists in the `SettingsIndividual.php` file of ChurchCRM. This vulnerability arises because the user-controlled `t…

PraisonAI Recipe Registry Path Traversal Vulnerability Analysis
github.com · 2026-04-08

### Vulnerability Overview A Path Traversal vulnerability exists in the recipe registry pull process of PraisonAI. When extracting `.prainson` tar archives controlled by an attacker, the process util…

Blind SQL Injection in ChurchCRM 7.0.5 SettingsUser.php via type parameter
github.com · 2026-04-08

### Vulnerability Overview A blind SQL injection vulnerability has been discovered in the `/SettingsUser.php` endpoint of ChurchCRM 7.0.5. An authenticated administrator user can inject arbitrary SQL …

ChurchCRM <= 7.0.5 Blind SQL Injection in PropertyAssign.php
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** A blind SQL injection vulnerability exists in the `UpdateProperty` function within the `src/PropertyAssign.php` file in ChurchCRM versions 7.0.5 an…

ChurchCRM <=7.0.5 Unauthenticated RCE in Install Wizard with POC
github.com · 2026-04-08

### Vulnerability Key Information Summary **Vulnerability Overview** An unauthenticated remote code execution (RCE) vulnerability exists in the ChurchCRM installation wizard. During the initial instal…

ChurchCRM <=7.0.5 SQL Injection Vulnerability Analysis
github.com · 2026-04-08

### Vulnerability Overview The `PropertyTypeEditor.php` file in ChurchCRM contains a SQL injection vulnerability. This issue arises because the insecure `sanitizeText()` function replaced the original…

ChurchCRM SQL Injection Vulnerability Analysis
github.com · 2026-04-08

# ChurchCRM SQL Injection Vulnerability Summary ## Vulnerability Overview A critical SQL injection vulnerability exists in the `PropertyTypeEditor.php` file of ChurchCRM. This vulnerability stems from…

PraisonAI Recipe Registry Path Traversal Arbitrary File Write
github.com · 2026-04-08

### Vulnerability Overview **PraisonAI recipe registry publish path traversal allows out-of-root file write** The PraisonAI recipe registry publish endpoint fails to validate whether the `name` and `v…

LibRaw HuffTable::initVal Heap Buffer Overflow Vulnerability Analysis
talosintelligence.com · 2026-04-08

### Vulnerability Overview A heap-based buffer overflow vulnerability exists in the `HuffTable::initVal` function within the LibRaw library. This vulnerability arises because the `bits` array, used to…

LibRaw Integer Overflow in deflate_dng_load_raw (CVE-2026-20894)
talosintelligence.com · 2026-04-08

# Talos Vulnerability Report Summary: LibRaw deflate_dng_load_raw Integer Overflow Vulnerability ## Vulnerability Overview * **Vulnerability Name**: LibRaw deflate_dng_load_raw integer overflow vulner…

LibRaw x3f_thumb_loader Heap Overflow via Integer Overflow (CVE-2026-20889)
talosintelligence.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** A heap-based buffer overflow vulnerability exists in the `x3f_thumb_loader` function within the LibRaw library (CVE-2026-20889). The root cause of …

MRCMS v3.1.3 Unauthenticated Super Admin Account Creation
github.com · 2026-04-08

# MRCMS v3.1.3 Unauthenticated Super Administrator Addition Vulnerability ## Vulnerability Overview MRCMS version 3.1.3 contains an access control vulnerability that allows unauthenticated attackers t…

anything-llm Agent Flows Path Traversal Vulnerability Analysis
huntr.com · 2026-04-08

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Type:** Path Traversal * **Affected Component:** `Agent Flows` component * **Vulnerability Description:** A pa…

Windmill Backend SQL Injection and Path Traversal Fix
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** This commit (Commit 942fb62) primarily involves "tightening" fixes to the Windmill backend code. The following potential security risks have been a…

CWE-681: Incorrect Conversion between Numeric Types Analysis and Mitigation
cvefeed.io · 2026-04-08

# CWE-681: Incorrect Conversion between Numeric Types ## Vulnerability Overview When converting data from one data type to another (e.g., converting to an integer), data may be truncated or converted …

Django Security Advisory: 5 Vulnerabilities (ASGI Spoofing, Privilege Abuse, DoS)
www.djangoproject.com · 2026-04-08

### Vulnerability Overview This security advisory covers five security vulnerabilities affecting different components of Django: 1. **CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflati…

Solidity SCWE-041 Unsafe Downcasting Vulnerability Analysis and Fix
scs.owasp.org · 2026-04-08

# SCWE-041: Unsafe Downcasting ## Vulnerability Overview Occurs when a larger integer type is implicitly or explicitly converted to a smaller integer type. Solidity does not automatically check for ov…

AgentFlows Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-08

# Vulnerability Summary ### Vulnerability Overview This is a fix for a **Path Traversal** vulnerability. In the `server/utils/agentFlows/index.js` file, the original file existence check (`fs.existsSy…

CVE-2026-4631 Cockpit SSH Command Injection RCE Vulnerability Analysis
bugzilla.redhat.com · 2026-04-08

# Vulnerability Summary: CVE-2026-4631 Cockpit SSH Command-Line Argument Injection ## Vulnerability Overview * **CVE ID**: CVE-2026-4631 * **Vulnerability Name**: Cockpit: Unauthenticated remote code …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.