Security Intel Hub 452— Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Content Security Policy bypass via attachments · Advisory · mantisbt/mantisbt · GitHub
github.com · 2026-05-23

# Content Security Policy Bypass Vulnerability (GHSA-9c3j-xm6v-j7j3) ## Vulnerability Overview This vulnerability allows attackers to bypass the `script-src` directive of the `Content Security Policy`…

CVSS 8.0
filebrowser Command Execution Vulnerability CVE-2025-52904 Advisory
pkg.go.dev · 2026-06-13

### Vulnerability Overview - **Vulnerability ID**: GO-2025-3793 - **CVE ID**: CVE-2025-52904 - **GHSA ID**: GHSA-hc8f-m8g5-8362 - **Description**: Command Execution not Limited to Scope - **Publicatio…

CVSS 8.0
Vulnerability Advisory: Filebrowser GO-2025-3786 / CVE-2025-52903 Shell Command Injection
pkg.go.dev · 2026-06-13

### Vulnerability Overview - **Vulnerability ID**: GO-2025-3786 - **CVE ID**: CVE-2025-52903 - **GHSA ID**: GHSA-3q2w-42mv-cph4 - **Publication Date**: July 28, 2025 - **Description**: filebrowser all…

CVSS 10.0
Node.js v3.11.4 NodeVM Sandbox Escape Vulnerabilities Security Bulletin
github.com · 2026-06-13

### Vulnerability Overview Node.js v3.11.4 has been released, containing multiple security fixes. The primary vulnerabilities addressed are: 1. **Bridge Set Trap Ignoring ECMA-262 9.9.5.9 Receiver**: …

ftp: validate PASV response IP against control connection peer · erlang/otp@2691a80 · GitHub
github.com · 2026-06-13

### Vulnerability Overview This vulnerability involves an IP address validation issue in the PASV (Passive Mode) response of the FTP protocol. Specifically, when processing PASV responses, the FTP ser…

CVSS 8.5
CraftCMS file:// Validation Bypass Leading to File Overwrite and Potential RCE
github.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Name**: Local File System Validation Bypass Leading to File O…

CVSS 7.7
lxml_html_clean XSS via SVG/Math context switching bypass (CVE-2024-52595)
github.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: HTML Cleaner allows crafted scripts in special contexts like svg or math…

Rust Cache Crate Thread Safety Vulnerability (RUSTSEC-2020-0128/CVE-2020-36448)
rustsec.org · 2025-11-08

This image is from the Rust Security Advisory Database. Here are the key points about the vulnerability: ### Key Information: - **Advisory ID:** RUSTSEC-2020-0128 - **Reported Date:** November 24, 202…

CVSS 6.4
Zed Editor MCP Tool Parameter Disclosure Vulnerability (CVE-2026-25805)
github.com · 2026-02-11

From this webpage screenshot, the following key vulnerability information can be obtained: ### Vulnerability Overview - **Vulnerability Title**: Parameter Values are not shown for MCP Tool Calls. User…

CVSS 8.1
Caido DNS Rebind Bypass Leading to RCE (CVE-2026-24853)
github.com · 2026-02-21

### Key Information Summary #### Vulnerability Overview - **Vulnerability Name**: Insufficient patch for DNS rebind leading to RCE - **Vulnerability ID**: GHSA-3q5q-p8vj-8783 - **CVE ID**: CVE-2026-24…

tfplan2md Sensitive Value Exposure Vulnerability (CVE-2026-27640)
github.com · 2026-02-25

- **Vulnerability Type**: Sensitive Value Exposure in Generated Reports - **Affected Package**: tfplan2md - **Affected Versions**: < v1.26.1 - **Patched Versions**: v1.26.1 - **Impact**: Caused report…

CVSS 8.2
Shell Injection RCE in pamusb-conf and pamusb-agent (CVE-2026-4712)
github.com · 2026-05-28

### Vulnerability Overview - **Vulnerability Name**: Shell injection via device UUID and username in pamusb-conf and pamusb-agent - **Vulnerability ID**: GHSA-jgv5-w6rm-7xwg - **Severity**: High (CVSS…

Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution | Advisories | VulnCheck
www.vulncheck.com · 2026-06-13

# Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution ## Vulnerability Overview Versions of Ghidra prior to 12.1 contain a path traversal vulnerability in `SameDi…

Ghidra < 12.1.1 - Denial of Service via Uncontrolled Memory Allocation in Mach-O Parser | Advisories | VulnCheck
www.vulncheck.com · 2026-06-13

# Ghidra < 12.1.1 - Denial of Service via Uncontrolled Memory Allocation in Mach-O Parser ## Vulnerability Overview Versions of Ghidra prior to 12.1.1 contain an uncontrolled memory allocation vulnera…

Ghidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser | Advisories | VulnCheck
www.vulncheck.com · 2026-06-13

# Ghidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser ## Vulnerability Overview An uncontrolled resource consumption vulnerability exists in Ghidra versions 10.2…

path traversal in mbstream · Advisory · MariaDB/server · GitHub
github.com · 2026-06-13

# Vulnerability Overview - **Vulnerability Name**: path traversal in mbstream - **Vulnerability ID**: GHSA-9pjh-5whw-65v9 - **Severity**: Moderate (6.3 / 10) - **CVSS v3 Base Metrics**: - Attack vecto…

Uncontrolled Resource Consumption in MachoLoader · Advisory · NationalSecurityAgency/ghidra · GitHub
github.com · 2026-06-13

# Vulnerability Overview - **Vulnerability Name**: Uncontrolled Resource Consumption in MachoLoader - **CVE Number**: GHSA-v6c3-h9cp-3w6f - **Severity**: Medium (5.5 / 10) - **CVSS v3 Base Metrics**: …

CVSS 8.6
Octo-STS CVE-2025-52477 Unauthenticated SSRF via OIDC Flow
github.com · 2025-07-06

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow - **Severity**: High (8.6/10) - **CVE ID**: CVE-2025-524…

FreePBX Endpoint Manager Arbitrary File Upload Vulnerability (CVE-2025-61678)
github.com · 2025-10-15

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: Authenticated Arbitrary File Upload in Endpoint Manager - **CVE ID**: CVE-2025-61678 - **GHSA ID**: GHSA-7p8x-8m3m-58j9 …

CVSS 8.1
HedgeDoc <1.9.0 Slide Mode XSS Vulnerability (CVE-2021-39175)
github.com · 2025-11-07

### Key Information - **Vulnerability Name**: XSS vector in slide mode speaker-view - **Publisher**: davidmehren - **GHSA ID**: GHSA-j748-779h-9697 - **Release Date**: Aug 30, 2021 - **Severity**: Hig…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
