
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2026-4740: Red Hat ACM/OCM Cross-cluster Privilege Escalation via Certificate Validation
bugzilla.redhat.com · 2026-04-08

**Vulnerability Overview.** CVE ID: CVE-2026-4740. Vulnerability Name: rhacm: Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate ren…

Koha Release Notes: Fixes for Missing Permission Checks and REST API Logic
gitlab.com · 2026-04-08

**Vulnerability Overview.** This page contains the Release Notes for the Koha project, listing multiple fixed bugs covering the following areas: 1. Patron Management: …

Koha Library Software OS Command Injection Vulnerability (CVE-2024-36057) with PoC
github.com · 2026-04-08

**Vulnerability Overview.** The Koha Library Software (an open-source integrated library system) contains an OS command injection vulnerabili…

Koha <22.05.22 Authenticated Time-Based Blind SQL Injection (CVE-2024-36058) with POC
github.com · 2026-04-08

**Vulnerability Overview.** Vulnerability Name: Koha Library Software < 22.05.22 — Time-Based Blind SQL Injection. CVE ID: CVE-2024-36058. Vulnerability Type: Time-Based Blind SQL Injec…

OpenViking Unauthenticated Access Fix: Config Validation for Root API Key
github.com · 2026-04-08

**Vulnerability Overview.** In the OpenViking server configuration, if the `root_api_key` (root API key) is not configured, the default listening address is `0.0.0.0`. This al…

Python pkgutil.get_data removes path traversal restrictions, warns of untrusted input risks
github.com · 2026-04-08

**Vulnerability Overview.** The security model of the `pkgutil.get_data` function has been re-evaluated. Previous versions attempted to prevent path traversal attacks by prohibiting parent directory re…

Python webbrowser Command Injection Fix via Leading Dash Validation
github.com · 2026-04-08

**Vulnerability Overview.** The `open()` function in Python's `webbrowser` module contains a security flaw when handling URL parameters. If a provided URL starts with a hyphen…

Python webbrowser Module Command Injection Fix via Dash Prefix Validation
github.com · 2026-04-08

**Vulnerability Overview.** A security flaw exists in the `webbrowser` module of the Python standard library. When the `webbrowser.open` function is called with a URL starting…

Python webbrowser module URL parameter injection fix
github.com · 2026-04-08

**Vulnerability Overview.** The Python `webbrowser` module contains a security flaw when processing URLs. Specifically, the module fails to effectively prevent URLs starting w…

Python webbrowser module Argument Injection vulnerability fix
github.com · 2026-04-08

**Vulnerability Overview.** The `open` function in the Python `webbrowser` module contains an Argument Injection vulnerability. When a passed URL parameter starts with `--`, t…

Python webbrowser module URL command injection fix via dash prefix check
github.com · 2026-04-08

**Vulnerability Overview.** The `webbrowser` module in Python contains a security flaw when processing URLs. Attackers can exploit this vulnerability by passing URLs starting …

Mozilla Firefox/Thunderbird Security Advisory: Integer Overflow & Memory Safety Vulnerabilities (CVE-2026-5731 to 5735)
www.mozilla.org · 2026-04-08

**Mozilla Foundation Security Advisory 2026-28. Vulnerability Overview.** This security advisory primarily addresses vulnerabilities fixed in Thunderbird version 149.0.2, as well …

Weaver E-cology10 RCE Vulnerability Analysis (QVD-2026-14149)
ti.qianxin.com · 2026-04-07

**Weaver E-cology10 Remote Code Execution Vulnerability (QVD-2026-14149). Vulnerability Overview.** Vulnerability Name: Weaver E-cology10 Remote Code Execution Vulnerability. Vulnerabi…

Erlang OTP public_key OCSP Responder Certificate Signature Verification Bypass
github.com · 2026-04-07

**1. Vulnerability Overview.** A validation flaw exists in the `public_key` module of Erlang OTP regarding the processing of OCSP (Online Certificate Status Protocol) response…

Erlang OTP public_key OCSP Responder Certificate Signature Verification Bypass Fix
github.com · 2026-04-07

**Vulnerability Overview.** A security flaw exists in the OCSP (Online Certificate Status Protocol) responder certificate…

MLflow Authorization Bypass Vulnerability Fix Analysis
github.com · 2026-04-07

**Vulnerability Overview.** This is an **Authorization Bypass** vulnerability. In MLflow, the AJAX endpoint `GET /ajax-api/2.0/mlflow/logged-models/{model_i…

Weaver E-cology Full Security Patch Release and Hardening Guide
www.weaver.com.cn · 2026-04-07

**Vulnerability Overview.** Weaver has officially released a comprehensive security patch update for its E-cology collaborative managem…

Weaver E-cology10 RCE Vulnerabilities in xmReport, dubboApi, and saveSignAddrslInfo Modules
h4cker.zip · 2026-04-07

**Vulnerability Overview.** The Weaver E-cology10 system contains multiple Remote Code Execution (RCE) vulnerabilities, primarily …

Dolibarr 23.0.2 Security Update: SSRF and File Handling Vulnerabilities Fixed
github.com · 2026-04-07

**Vulnerability Overview.** This release (23.0.2) includes multiple security fixes and permission improvements, primarily addressing the following critical vuln…

Erlang/OTP OCSP Signature Verification Bypass (CVE-2026-32144)
github.com · 2026-04-07

**Vulnerability Overview.** Vulnerability Name: OCSP designated-responder authorization bypass — missing signature verification (RFC 6960 §4.2.2.2). CVE ID: CVE-2026-32144. Severity: Hi…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
