Security Intel Hub 330 — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2026-23991: TUF Client DoS via Malformed Metadata Response
github.com · 2026-01-27

## Critical Vulnerability Information ### Vulnerability Overview - **Name**: Client DoS via malformed server response - **ID**: GHSA-846p-jg2w-w324 - **Severity**: Moderate (5.9/10) - **CVE ID**: CVE-…

SvelteKit CVE-2026-22803 Memory Amplification DoS in Remote Functions
github.com · 2026-01-20

## Critical Vulnerability Information ### Vulnerability Overview - **Vulnerability Title**: `Memory amplification DoS in Remote Functions binary form deserializer (application/x-sveltekit-formdata)` -…

DoS in vLLM Idefics3 Vision Models via Ambiguous Image Dimensions
github.com · 2026-01-20

### Key Information Summary #### Vulnerability Overview - **Vulnerability Name**: DoS in Idefics3 vision models via image payload with ambiguous dimensions - **Identifier**: GHSA-grg2-63fw-f2qr - **Ri…

CVE-2025-64494: ANSI escape sequence injection in user input
github.com · 2025-11-09

### Vulnerability Overview - **Vulnerability Name**: ANSI escape sequences not being sanitized in user input - **Publisher**: caarlos0 - **Vulnerability ID**: GHSA-fv2r-r8mp-pg48 - **Release Date**: 3…

CraftCMS Remote Code Execution Vulnerability (CVE-2023-41892)
github.com · 2025-11-06

### Vulnerability Key Information #### Vulnerability Title Remote Code Execution #### Vulnerability ID GHSA-4w8r-3xrw-v25g #### Release Date September 13, 2023 #### Vulnerability Severity CVSS v3 Seve…

Discourse CVE-2024-45297 Unauthorized Access to Hidden Tag Topics
github.com · 2024-10-09

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Title**: Prevent topic list filtering by hidden tags for unau…

Sentry CVE-2024-45606 Improper Authorization on Alert Rule Muting
github.com · 2024-09-19

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Improper authorization on muting of ale…

Nix Unsafe NAR Unpacking Arbitrary File Write (CVE-2024-45593)
github.com · 2024-09-11

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Name**: Unsafe NAR unpacking 2. **Severity**: Critical (9.1/10) 3. **Publisher**: edolstra…

FreeScout 1.8.213 Security Update: Fixes XSS, Unauthorized Access, and Token Forgery
github.com · 2026-04-21

### Vulnerability Overview The webpage screenshot shows the changelog for version `1.8.213` of the `freescout-help-desk` project, which includes multiple security-related fixes. These fixes address va…

Magick.NET 14.12.0 Security Update: Fixes ImageMagick Heap/Stack Overflows and OOB Read Vulnerabilities
github.com · 2026-04-18

# Magick.NET 14.12.0 Vulnerability Summary ## Vulnerability Overview Magick.NET version 14.12.0 fixes multiple security vulnerabilities originating from ImageMagick, including heap overflow, stack ove…

FreeScout 1.8.211 Patch: Host Header Injection & checkIpByMax Vulnerabilities
github.com · 2026-04-02

### Vulnerability Overview This release (version 1.8.211) addresses the following security vulnerabilities and issues: * **Function Security Flaw**: Fixed a security vulnerability in the `helper::chec…

OAuth2 Proxy Multiple Critical Vulnerabilities: Auth Bypass via Health Check, X-Forwarded-Uri, and Email Validation (CVE
github.com · 2026-04-18

### Vulnerability Overview Multiple critical security vulnerabilities have been discovered in OAuth2 Proxy, including: 1. **Health Check User-Agent Authentication Bypass** 2. **Authentication Bypass v…

Kirby CMS Vulnerability Advisory: SSTI, Privilege Escalation, XML Injection (CVE-2026-34587)
github.com · 2026-04-24

### Vulnerability Overview 1. **Server-Side Template Injection (SSTI) via Double Template Parsing in Option Rendering** - **Description**: This vulnerability affects Kirby sites that use option fields…

Hono v4.11.7 Security Release: IP Bypass, Cache Leakage, and XSS Fixes
github.com · 2026-01-28

## Critical Vulnerability Information ### Security Release v4.11.7 includes security fixes for multiple vulnerabilities in Hono and related middleware. ### Vulnerability Details #### 1. IP Access Rest…

libarchive CVE-2026-5121 Integer Overflow RCE Vulnerability Advisory
github.com · 2026-04-18

# CVE-2026-5121 Vulnerability Summary ## Overview A vulnerability has been discovered in `libarchive`. On 32-bit systems, there is an integer overflow flaw in the allocation logic of `zsufs` block poi…

Issues in tough library and tuftool CLI utility
aws.amazon.com · 2026-04-25

# AWS Security Advisory: Security Issues in tough Library and tuftool CLI Tool **Advisory ID**: 2026-019-AWS **Release Time**: April 24, 2026 12:45 PM PDT **Severity**: Important (requires attention) …

icAnsToUrt08 Heap Buffer Overflow Vulnerability (CVSS 9.8) and Patch Details
github.com · 2026-04-02

### Vulnerability Summary **Vulnerability Name:** HBO in icAnsToUrt08 (Heap Buffer Overflow) **Summary:** * **Type:** Heap Buffer Overflow (HBO) and Remote Code Execution (RCE). * **Description:** Thi…

GitLab 2FA Brute Force (CVE-2020-3367) and Privilege Escalation Vulnerabilities
github.com · 2026-04-21

### Vulnerability Overview 1. **CVE-2020-3367 - 2FA OTP Verification Missing Rate Limiting** - **Description**: The 2FA OTP verification (`confirm_otp` operation) lacks rate limiting, locking mechanis…

Lightdash Stored XSS Vulnerability (CVE-2024-6585) Advisory
www.cve.org · 2024-09-01

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID**: CVE-2024-6585 2. **Release Date**: 2024-08-30 3. **Update Date**: 2024-08-…

Youki Container Escape via procfs Write Redirect and AppArmor Bypass (CVE-2025-62596)
github.com · 2025-11-06

### Key Information #### Vulnerability Title - **Container escape and denial of service due to arbitrary write gadgets and procfs write redirects** #### Vulnerability ID - **GHSA-vf95-55w6-qmrF** - **…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
