Security Intel Hub 330— Search: GHSA×

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Cyberduck/Mountain Duck SHA-1 Certificate Fingerprint Vulnerability (CVE-2024-41256) Advisory
github.com · 2025-07-06

### Key Information #### Vulnerability Overview - **Vulnerability Identifier**: SBA-ADV-20250325-02 - **Vulnerability Type**: Weak Hash Algorithm (CVE-2028: Use of Weak Hash) - **Affected Software**: …

HashiCorp Vault kv-v2 Plugin Information Disclosure via Malformed Data (CVE-2025-52893)
github.com · 2025-07-06

From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Vulnerability Description**: SDK/framework vulnerability, preventing the leakage of additional …

CVE-2026-27830: c3p0 Java Deserialization RCE Vulnerability
github.com · 2026-02-26

### Critical Vulnerability Information #### Overview - **Title**: c3p0 prior to v0.12.0 can be dangerously abused to download and execute malicious code - **Publisher**: swaldman - **CVE ID**: CVE-202…

GitHub Actions pull_request_target Arbitrary Code Execution (CVE-2026-22869)
github.com · 2026-01-20

## Critical Vulnerability Information ### Vulnerability Title - **Arbitrary Code Execution via pull_request_target CI Workflow** ### Vulnerability Identifiers - **GHSA ID:** GHSA-gvh4-93cq-5xxp - **CV…

UmbracoForms RCE via Untrusted WSDL Compilation (CVE-2025-68924) and Mitigation
github.com · 2026-01-20

--- ### Vulnerability Information - **Vulnerability Name**: UmbracoForms Vulnerability, allowing Remote Code Execution via untrusted WSDL compilation in dynamic SOAP client generation - **CVE ID**: CV…

phpMyFAQ CVE-2025-59943 Duplicate Email Registration Vulnerability
github.com · 2025-10-04

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Duplicate email registration allows multiple accounts with the same email in phpMyFAQ - **CVE ID**: CVE-2025-59943 - **GHSA ID…

Envoy CONNECT Request Sync State Vulnerability (CVE-2025-64763) and Fix
github.com · 2025-12-04

## Vulnerability Overview - **CVE ID**: CVE-2025-64763 - **GHSA ID**: GHSA-rj35-4m94-77jh - **Publisher**: phlax - **Release Time**: 11 hours ago - **Severity**: Low (3.7/10) ## Vulnerability Details …

containerd CVE-2021-43816: Unprivileged Pod hostPath SELinux Bypass
github.com · 2025-11-13

### Critical Vulnerability Information #### Vulnerability Title containerd CRI plugin: Unprivileged pod using `hostPath` can side-step SELinux #### Release Information - **Released by**: dmcgowan - **…

Apollo GraphQL CVE-2024-43783/43414 Vulnerability Advisory
github.com · 2024-08-29

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability IDs**: - **CVE-2024-43783**: Payload limits may exceed configured maximum - **CVE-2024-434…

Runtipi CVE-2026-24129 Authenticated Command Injection via BackupManager
github.com · 2026-01-27

### Key Information Summary #### Vulnerability Overview - **Type**: Authenticated Arbitrary Remote Code Execution - **CVE ID**: CVE-2026-24129 - **Vulnerability Database**: GHSA-vrg5-rcj5-6gv9 #### Af…

jq CVE-2026-3316 Integer Overflow Leading to Heap Buffer Overflow
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Name**: Integer overflow in `jvp_string_append` and `jvp_string_copy_replace_bad` allows heap buffer overflow - **CVE ID**: CVE-2026-3316 - **GHSA…

Multer DoS via Resource Exhaustion (CVE-2026-2359) Advisory
github.com · 2026-02-28

## Key Vulnerability Information ### Vulnerability Title **Multer vulnerable to Denial of Service via resource exhaustion** ### Vulnerability ID **GHSA-v52c-386h-88mc** **CVE-2026-2359** ### CVSS v4.0…

CVE-2025-61684: quickly library DoS via invalid QUIC frame assertion failure
github.com · 2026-01-20

### Vulnerability Overview - **Package**: quickly - **CVE ID**: CVE-2025-61684 - **GHSA**: GHSA-wr3c-345m-43v9 - **Severity**: High (7.5/10) ### Impact - **Affected versions**: commits up to 5d08216 -…

golang.org/x/crypto CVE-2025-22869 DoS via Slow Key Exchange
github.com · 2025-11-14

### Key Information - **Vulnerability Title:** golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange - **CVE ID:** CVE-2025-22869 - **GHSA ID:** GHSA-hcg3-q754-…

HedgeDoc <1.9.0 Slide Mode XSS Vulnerability (CVE-2021-39175)
github.com · 2025-11-07

### Key Information - **Vulnerability Name**: XSS vector in slide mode speaker-view - **Publisher**: davidmehren - **GHSA ID**: GHSA-j748-779h-9697 - **Release Date**: Aug 30, 2021 - **Severity**: Hig…

FreePBX Endpoint Manager Arbitrary File Upload Vulnerability (CVE-2025-61678)
github.com · 2025-10-15

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: Authenticated Arbitrary File Upload in Endpoint Manager - **CVE ID**: CVE-2025-61678 - **GHSA ID**: GHSA-7p8x-8m3m-58j9 …

Octo-STS CVE-2025-52477 Unauthenticated SSRF via OIDC Flow
github.com · 2025-07-06

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow - **Severity**: High (8.6/10) - **CVE ID**: CVE-2025-524…

tfplan2md Sensitive Value Exposure Vulnerability (CVE-2026-27640)
github.com · 2026-02-25

- **Vulnerability Type**: Sensitive Value Exposure in Generated Reports - **Affected Package**: tfplan2md - **Affected Versions**: < v1.26.1 - **Patched Versions**: v1.26.1 - **Impact**: Caused report…

Caido DNS Rebind Bypass Leading to RCE (CVE-2026-24853)
github.com · 2026-02-21

### Key Information Summary #### Vulnerability Overview - **Vulnerability Name**: Insufficient patch for DNS rebind leading to RCE - **Vulnerability ID**: GHSA-3q5q-p8vj-8783 - **CVE ID**: CVE-2026-24…

Zed Editor MCP Tool Parameter Disclosure Vulnerability (CVE-2026-25805)
github.com · 2026-02-11

From this webpage screenshot, the following key vulnerability information can be obtained: ### Vulnerability Overview - **Vulnerability Title**: Parameter Values are not shown for MCP Tool Calls. User…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.