Security Intel Hub 330— Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Manyfold CVE-2026-27635 OS Command Injection via ZIP Filename RCE
github.com · 2026-02-26

### Critical Vulnerability Information #### Vulnerability Overview - **Name**: OS command injection via ZIP filename in f3d render - **CVE ID**: CVE-2026-27635 - **GHSA ID**: GHSA-p589-cf26-v7h2 - **S…

sigstore timestamp-authority Improper Certificate Validation Bypass (CVE-2020-39984)
github.com · 2026-04-18

# Vulnerability Overview **Title**: Improper Certificate Validation in verifier **Severity**: Moderate (5.5 / 10) **CVE ID**: CVE-2020-39984 **GHSAs**: GHSA-xm5m-wgh2-rrg3 **Release Date**: 3 days ago…

Bash Command Injection in Gradle Completion (CVE-2026-25063)
github.com · 2026-01-30

## Bash command injection in gradle-completion ### Vulnerability Details - **Package:** gradle-completion (Gradle) - **CVE ID:** CVE-2026-25063 - **GHSA ID:** GHSA-qggc-44r3-cjgv ### Severity - **Seve…

Dolibarr 23.0.2 Security Update: SSRF and File Handling Vulnerabilities Fixed
github.com · 2026-04-07

# Dolibarr 23.0.2 Security Update Summary ## Vulnerability Overview This release (23.0.2) includes multiple security fixes and permission improvements, primarily addressing the following critical vuln…

Parse Server JWT Algorithm Confusion Account Takeover (CVE-2026-27804)
github.com · 2026-02-26

### Key Information Summary #### Vulnerability Details - **Title**: Account takeover via JWT algorithm confusion in Google auth adapter - **Vulnerability ID**: GHSA-4q3h-vp4r-prv2 - **CVE ID**: CVE-20…

Apptainer <1.4.5 --security Option Bypass Vulnerability (CVE-2025-65105)
github.com · 2025-12-04

## Vulnerability Key Information **Basic Information** - **Vulnerability Name**: Ineffective application of selinux / apparmor --security option - **Publisher**: DrDaveD - **Vulnerability ID**: GHSA-j…

iodine RubyGem Path Traversal Vulnerability (CVE-2024-22050) Advisory
github.com · 2025-11-07

### Key Information - **CVE ID**: CVE-2024-22050 - **GHSA ID**: GHSA-85rf-xh54-whp3 - **Package**: iodine (RubyGems) - **Affected Versions**: < 0.7.34 - **Patched Versions**: 0.7.34 - **Severity**: Lo…

Parse Dashboard CVE-2026-27608 Missing Authorization on Agent Endpoint
github.com · 2026-02-25

From this webpage screenshot, the following critical information regarding the vulnerability can be obtained: 1. **Vulnerability Information** - **Vulnerability Title**: Missing Authorization on Agent…

Command Injection in systeminformation via unsanitized iface parameter (CVE-2026-26280)
github.com · 2026-02-21

## Vulnerability Key Information ### Vulnerability Title Command Injection via unsanitized interface parameter in wifi.js retry path ### Vulnerability Identifiers - GHSA ID: GHSA-9c88-49p5-5ggf - CVE …

SiYuan Arbitrary File Write to RCE via /api/file/copyFile (CVE-2026-25539)
github.com · 2026-02-05

- **Vulnerability Description**: `Arbitrary File Write via /api/file/copyFile leading to RCE` - **Vulnerability Type**: `Improper Limitation of a Pathname to a Restricted Directory (CWE-22)` - **Affec…

Heap Buffer Overflow in iccDEV icCurvesFromXml() (CVE-2026-24412)
github.com · 2026-01-27

### Key Information Summary #### Vulnerability Details - **Vulnerability Name**: Heap Buffer Overflow in icCurvesFromXml() - **CVE ID**: CVE-2026-24412 - **Publisher**: xsscx - **Publication Time**: 3…

Decidim v0.30.5 Security Update: CVE-2026-23891 Fix Guide
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-23891 - **Vulnerability Description**: This vulnerability involves a security issue; specific details will be released on March 30, 2026, wh…

Helm v4.1.4 Security Fixes: Path Traversal, Unsigned Plugin Bypass
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** The Helm v4.1.4 release notes list three primary security fixes: 1. **GHSA-hr2v-4r36-88hr**: Helm Chart extraction output directory collapse vulne…

Stored XSS in Frappe LMS (CVE-2026-34806)
github.com · 2026-04-03

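# Frappe LMS Stored XSS Vulnerability (GHSA-rf5w-r34q-c7j2) **Vulnerability Overview** * **Vulnerability Name**: Stored XSS in Frappe LMS * **Severity**: Moderate * **CVE ID**: CVE-2026-34806 * **Description**: Frappe LMS contains a stored cross-site scripting (Stored XSS) vulnerability. **Affected Scope** …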

Nautobot REST API User Management Bypasses Password Validation (CVE-2026-34283)
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview **CVE-2026-34283**: The Nautobot REST API's user management functionality does not enforce Django password validators. When creating…

Craft CMS CVE-2026-27129 IPv6 SSRF Protection Bypass via gethostbyname
github.com · 2026-02-24


CVE-2025-24293: Rails Active Storage Command Injection via Image Processing
github.com · 2026-01-31

## Vulnerability Information ### Overview - **CVE ID:** CVE-2025-24293 - **GHSA ID:** GHSA-r4mg-4433-c7g3 - **Severity:** Critical (9.2/10) ### Vulnerability Details - **Package:** activestorage (Ruby…

Tendenci Unrestricted Deserialization Vulnerability (CVE-2020-14942) Advisory
github.com · 2026-01-27

### Critical Vulnerability Information - **Vulnerability ID**: CVE-2020-14942 - **CVSS Score**: 9.3/10 (Critical Severity) - **Affected Versions**: - Tendenci Repository Issue: - GitHub Security Advis…

enclave-vm Sandbox Escape via Host Error Prototype Chain (CVE-2026-22686)
github.com · 2026-01-20

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Sandbox Escape via Host Error Prototype Chain in enclave-vm - **CVE ID**: CVE-2026-22686 - **GHSA ID**: GHSA-7qm7-455j-5p63 ##…

Rancher Fleet Sensitive Data Stored in Plaintext via Helm Values (CVE-2024-52284)
github.com · 2025-09-03

### Critical Vulnerability Information #### Vulnerability Overview - **CVE ID**: CVE-2024-52284 - **GHSA ID**: GHSA-9h9x-9j5v-7w9h - **Severity**: High (7.7/10) - **CVSS v3 Base Metrics**: - Attack Ve…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
