
Security Intel Hub 330 — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2025-54801: Go Fiber BodyParser Out-of-Bounds Slice Allocation DoS
github.com · 2025-08-07

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Crash in `BodyParser` Due to Unvalidated Large Slice Index in Decoder - **CVE ID**: CVE-2025-54801 - **GHSA ID**: GHSA-qx2q-88…

CVE-2024-7592: CPython Cookie Parsing DoS Vulnerability
github.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: There is a LOW severity vulnerability affecting CPython, ... 2. **Vulner…

Canonical Juju CVE-2024-8038 Local DoS via Unauthenticated UNIX Socket
www.cve.org · 2024-10-03

### Key Information #### CVE-2024-8038 - **CNA (Canonical Ltd.)** - **Published**: 2024-10-02 - **Updated**: 2024-10-02 #### Description - **Vulnerable juju introspection abstract UNIX domain socket**…

SumatraPDF Untrusted Search Path Vulnerability (CVE-2026-25880) Analysis
github.com · 2026-02-10

### Vulnerability Key Information #### Vulnerability Details - **Name**: Untrusted Search Path in SumatraPDF Reader (explorer.exe on Windows) - **Identifier**: GHSA-5x4h-247q-px37 - **CVE ID**: CVE-20…

XWiki Confluence Bridges RCE via Velocity Execution (CVE-2025-65036)
github.com · 2025-12-06

### Vulnerability Key Information #### Title - **Remote code execution using the confluence details summary macro** #### Reference - **GHSA-472x-fwh9-r82f** #### Severity - **Severity: High 8.3 / 10**…

iTop Webhook Database Drop Vulnerability (CVE-2025-49145)
github.com · 2025-11-11

### Vulnerability Key Information #### Vulnerability Title iTop admin can drop iTop database using webhooks #### Publisher and Publication Time - **Publisher**: BenGrenoble - **Publication Time**: 16 …

cyclonedx-core-java XXE Vulnerability (CVE-2025-64518) Advisory
github.com · 2025-11-11

### Vulnerability Key Information #### Vulnerability Name BOM validation is vulnerable to XML External Entity injection #### Severity - **Level**: High - **CVSS v3 base metrics** - Attack vector: Netw…

Tuleap CVE-2024-23344 Unauthorized Artifact Readability Vulnerability Advisory
github.com · 2025-11-08

### Vulnerability Key Information #### Vulnerability Description - **Name**: Content of artifacts might be readable by unauthorized users - **CVE ID**: CVE-2024-23344 - **Publisher**: LeSuisse - **Rel…

Firebird CVE-2025-24975 Unauth Access to Encrypted DB via ExtConnPool
github.com · 2025-08-16

### Critical Vulnerability Information #### Vulnerability Title - **Non-authorized (without secret key) access to encrypted database using execute statement on external.** #### Severity - **Severity**…

Authd PAM Module User Impersonation Vulnerability (CVE-2024-9313)
github.com · 2024-10-07

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: PAM module may allow accessing with the…

Email injection via unescaped user-controlled placeholders in pretalx mail templates · Advisory · pretalx/pretalx
github.com · 2026-04-25

# Vulnerability Summary: Unescaped User-Controlled Placeholders in Pretalx Email Templates Lead to Email Injection ## Overview In the `pretalx` email templates, there exist unescaped user-controlled p…

lxml iterparse() Default XXE Vulnerability (CVE-2024-41096)
github.com · 2026-04-25

# Vulnerability Overview - **Vulnerability Title**: Default configuration of `iterparse()` and `ETCompatXMLParser()` allows XXE access to local files - **CVE ID**: CVE-2024-41096 - **CVSS Score**: 7.5…

Composer 2.9.6 Security Update: Command Injection, Credential Leak, and Weak Encryption Fixes
github.com · 2026-04-18

# Composer 2.9.6 Security Update Summary ## Vulnerability Overview Composer version 2.9.6 fixes multiple critical security vulnerabilities, mainly involving command injection, credential leakage, and …

jwcrypto CVE-2024-28102 JWT Bomb DoS Vulnerability and PoC
github.com · 2026-04-08

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **CVE ID**: CVE-2024-28102 (GHSA ID: GHSA-jfjm-76x2-c4q4; screenshot on the right displays CVE-2026-30373) * **Vulnerability N…

parse-server GraphQL Complexity Validator DoS Vulnerability (CVE-2026-34573) Fix
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview - **Vulnerability Name**: GraphQL complexity validator exponential fragment traversal DoS - **CVE ID**: CVE-2026-34573 - **GHSA ID**:…

Nautobot CVE-2024-34263 Password Validation Bypass Fix
github.com · 2026-04-02

## Vulnerability Summary ### Vulnerability Overview **CVE-2024-34263**: Nautobot fails to enforce Django's configured password validation rules when managing users via the REST API. When creating or e…

Dataease SQLBot Access Control Vulnerability (CVE-2025-15597)
vuldb.com · 2026-03-02

- **Vulnerability Information**: - **CVE ID**: CVE-2025-15597 - **GHSA ID**: GHSA-H4XM-3Q3P-5G6R - **VDB ID**: VDB-348291 - **Severity Metrics**: - **CVSS Meta Temp Score**: 5.7 - **CTI Interest Score…

Vim :tabpanel Sandbox Escape Leading to OS Command Injection
www.openwall.com · 2026-04-02

### Vulnerability Summary **Vulnerability Overview** A security vulnerability exists in the `:tabpanel` option within the Vim editor (CWE-78: OS Command Injection). When a user opens a file containing…

Discourse Privilege Escalation via Mass Assignment (CVE-2026-28219)
github.com · 2026-02-27

## Vulnerability Information - **Title**: Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners - **GHSA ID**: GHSA-8v26-9f7h-jc8x - **CVE ID**: CVE-2026-28219 …

yt-dlp CVE-2026-26331 Arbitrary Command Injection via --netrc-cmd
github.com · 2026-02-24


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
