Security Intel Hub 330 — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

OpenEMR CVE-2026-25929 IDOR: Unauthorized Patient Photo Retrieval
github.com · 2026-02-26

### Key Information Summary #### Vulnerability Overview - **Vulnerability Name**: Patient Picture Context Allows Arbitrary Patient Photo Retrieval - **CVE ID**: CVE-2026-25929 - **GHSA ID**: GHSA-778w…

TinyWeb CVE-2026-27630 Slowloris Remote DoS Vulnerability Advisory
github.com · 2026-02-26

### Key Information - **Vulnerability Name**: Remote Denial of Service via Thread/Connection Exhaustion (Slowloris) - **CVE ID**: CVE-2026-27630 - **GHSA ID**: GHSA-ccv5-8948-c99c - **Severity**: High…

Docker Model Runner Unauthenticated Runtime Flag Injection (CVE-2026-28400)
github.com · 2026-02-28

## Critical Vulnerability Information ### Vulnerability Overview - **Vulnerability Name**: Docker Model Runner Unauthenticated Runtime Flag Injection via `_configure` Endpoint - **GHSA**: GHSA-m456-c5…

firebase/php-jwt Weak Encryption Vulnerability (CVE-2025-45769)
github.com · 2026-02-21

### Critical Vulnerability Information - **CVE ID**: CVE-2025-45769 - **GHSA ID**: GHSA-2x45-7fc3-mxwq - **Vulnerability Name**: php-jwt contains weak encryption - **Severity**: High (CVSS v3 base sco…

free5GC NEF Information Exposure Vulnerability (CVE-2026-27643) Fix
github.com · 2026-02-24

RUSTSEC-2026-0007: Integer Overflow in bytes crate BytesMut::reserve
rustsec.org · 2026-02-05

# Vulnerability Information ## RUSTSEC-2026-0007 ### Overview - **Report Date**: 2026-02-03 - **Release Date**: 2026-02-03 (Last Modified: 2026-02-04) - **Affected Package**: bytes (crates.io) - **Vul…

Arbitrary File Write via Symlink Traversal in compressing npm package (CVE-2026-24884)
github.com · 2026-02-05

### Vulnerability Key Information #### Vulnerability Name Arbitrary File Write via Symlink Extraction in compressing #### Vulnerability Identifiers - GHSA ID: GHSA-cc8f-xg8v-72m3 - CVE ID: CVE-2026-24…

Hono Cache Middleware Ignores Cache-Control Leading to Web Cache Deception (CVE-2026-24472)
github.com · 2026-01-28

## Vulnerability Overview **Title**: Cache Middleware ignores `Cache-Control: private` leading to Web Cache Deception **CVE ID**: CVE-2026-24472 **GHSA**: GHSA-6wqw-2p9w-4vw4 **Severity**: Moderate (5…

AWS SageMaker Python SDK HMAC Key Disclosure and TLS Verification Bypass (CVE-2026-1777/1778)
aws.amazon.com · 2026-02-03

## Critical Vulnerability Information ### Advisory - **Advisory ID:** 2026-004-AWS - **Affected Scope:** AWS - **Content Type:** Important (Requires Attention) - **Release Date:** February 2, 2026, at…

CVE-2025-70458: DOM-based XSS in sourcecodester-domain-availability-checker v1.0
github.com · 2026-01-27

### Critical Vulnerability Information - **Vulnerability Type**: DOM-based Cross-Site Scripting (XSS) - **Affected Package**: `sourcecodester-domain-availability-checker` - **Affected Version**: 1.0 -…

Everest ISO15118-2 V2G Sequence State Validation Bypass (CVE-2026-24003)
github.com · 2026-01-27

### Key Information - **Vulnerability Name**: Sequence state validation bypass - **Vulnerability ID**: GHSA-9vv5-67cv-9crq - **Severity**: Moderate (4.3 / 10) - **CVE ID**: CVE-2026-24003 - **Affected…

phpMyFAQ CVE-2026-24420 Unauthorized Attachment Download via Loose Permission Check
github.com · 2026-01-27

### Key Information #### Vulnerability Overview - **CVE ID**: CVE-2026-24420 - **GHSA ID**: GHSA-7p9h-m7m8-vhhv - **Release Date**: 3 days ago - **Severity**: Medium (6.5/10) - **Affected Versions**: …

Saleor Rich Text XSS Vulnerability (CVE-2022-22849) Advisory
github.com · 2026-01-27

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Lack of proper HTML sanitization in rich text fields - **GHSA ID**: GHSA-8jcj-r5g2-qrpv - **CVSS Score**: 7.2/10 (High) - **CV…

CVE-2026-23848: Rate Limiting Bypass via X-Forwarded-For Header Spoofing
github.com · 2026-01-20

### Critical Vulnerability Information - **Vulnerability Title**: Rate Limiting Bypass via X-Forwarded-For Header Spoofing - **Classification**: Moderate - **Publisher**: frankl10xygen - **GHSA ID**: …

pypdf CVE-2026-22690 DoS Vulnerability Advisory and Fix
github.com · 2026-01-20

## Vulnerability Key Information ### Vulnerability Overview - **Name**: Possible long runtimes for missing /Root object with large /Size values - **CVE ID**: CVE-2026-22690 - **GHSA ID**: GHSA-4xc4-76…

curl/undici Unbounded Decompression Chain Resource Exhaustion (CVE-2026-22036)
github.com · 2026-01-20

### Vulnerability Key Information - **Vulnerability Title** - Unbounded decompression chain in HTTP responses via Content-Encoding leads to resource exhaustion - **Vulnerability Severity** - Low - **C…

Nextcloud Contacts Search Information Disclosure via Missing Access Control (CVE-2025-66510)
github.com · 2025-12-06

# Vulnerability Summary ## Vulnerability Title Contacts search allowed users to retrieve contact information of other users beyond their contact list ## Vulnerability Identifiers - **GHSA ID**: GHSA-4…

Nextcloud IDOR Vulnerability Advisory (CVE-2025-66553)
hackerone.com · 2025-12-06

## Vulnerability Key Information - **Vulnerability ID:** #3138721 - **Report Date:** May 11, 2025, 7:03 AM UTC - **Reporter:** daroo - **Reported To:** Nextcloud - **Severity:** Medium (4.3) - **Discl…

Nextcloud Tables Information Disclosure Vulnerability (CVE-2025-66553)
github.com · 2025-12-06

### Key Information Summary #### Vulnerability Details - **Title**: Tables app allowed users to view columns metadata information of any table - **Severity**: Moderate - **CVE ID**: CVE-2025-66553 - *…

CVE-2025-59840: Vega XSS via expressions leading to RCE
github.com · 2025-11-14

--- ### Vulnerability Summary - **Vulnerability Name**: Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable - **GHSA ID**: GHSA-…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.