Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Security Intel Hub 34960+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
OpenBMB XAgent 1.0.0 Path Traversal Vulnerability Analysis
gist.github.com · 2026-07-14

### Vulnerability Overview **Vulnerability Name**: OpenBMB XAgent 1.0.0 Path Traversal Vulnerability **Vulnerability Type**: Path Traversal **Impact**: Information Disclosure **Description**: The `fil…

Read more
LogicalDOC Enterprise CVE-2025-45869 Unauthenticated SSRF Vulnerability Advisory
github.com · 2026-07-14

### Vulnerability Overview **CVE-2025-45869 (Unauthenticated SSRF in ShareFileCallback)** - **Product**: LogicalDOC Enterprise - **Version**: LogicalDOC Enterprise <= 9.1.1 - **Vulnerable Component**:…

Read more
CVSS 6.1
CVE-2020-49971: Stored XSS via SVG Upload in plank/laravel-mediable
github.com · 2026-07-14

### Vulnerability Overview - **Vulnerability ID**: CVE-2020-49971 - **Vulnerability Type**: Stored XSS (Stored Cross-Site Scripting) - **Vulnerability Description**: A stored XSS vulnerability is caus…

Read more
Phoenix LiveView XSS Vulnerability CVE-2026-58228 Fix and Exploitation Analysis
cna.erlef.org · 2026-07-14

### Vulnerability Overview - **CVE ID**: CVE-2026-58228 - **Vulnerability Type**: Cross-Site Scripting (XSS) - **CVSS Score**: 5.1 (Medium) - **Description**: A URL scheme validation bypass vulnerabil…

Read more
Fix for URI Scheme Logic Error in Phoenix Live View
github.com · 2026-07-14

### Vulnerability Overview This vulnerability involves the `uri_scheme` function within the `phoenix_live_view` library. A logic error in this function when handling URI schemes may lead to security i…

Read more
Premium intel
CVSS 8.8
laravel-mediable SSRF/XSS/LPE Vulnerability Fixes and Hardening Guide
github.com · 2026-07-14

### Vulnerability Overview This web screenshot displays a security update for the library `plank/laravel-mediable`. This update provides a security fix, and upgrading is strongly recommended. The main…

Read more
Premium intel
CVSS 8.8
CVE-2026-4970 Path Traversal Vulnerability Advisory and Patch Analysis
github.com · 2026-07-14

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-4970 - **Vulnerability Type**: Path Traversal - **Description**: A path traversal vulnerability exists in the `sanitizePath()` function due …

Read more
CVSS 7.4
CVE-2026-49969 SSRF Vulnerability in RemoteUrlAdapter and Fix
github.com · 2026-07-14

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-49969 - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Description**: A SSRF vulnerability exists in `RemoteUrlAdapter` due …

Read more
Premium intel
CVSS 8.8
CVE-2026-49972 mediable RCE via double extension bypass and fix
github.com · 2026-07-14

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-49972 - **Vulnerability Type**: Remote Code Execution (RCE) - **Root Cause**: Bypass via double extensions in filenames ### Scope of Impact …

Read more
CVSS 6.3
Eleveo Call Recording Software Broken Access Control Bypass (CVE-2026-15473)
github.com · 2026-07-14

### Vulnerability Overview A Broken Access Control vulnerability exists in the `restoreCallAction.do` endpoint of Eleveo Call Recording Software 9.7.0. This vulnerability allows low-privilege authenti…

Read more
CVSS 4.3
Eleveo Call Recording Software 9.7.0 Broken Access Control Vulnerability Analysis
github.com · 2026-07-14

### Vulnerability Overview Eleveo Call Recording Software 9.7.0 contains multiple Broken Access Control vulnerabilities. These allow low-privileged authenticated users (including those without "Users …

Read more
CVSS 4.3
Eleveo Call Recording Software Broken Access Control to PCI Compliance Status (CVE-2026-15471)
github.com · 2026-07-14

### Vulnerability Overview Eleveo Call Recording Software 9.7.0 contains an authorization control vulnerability in the `pci_dss_status.jsp` endpoint. This vulnerability allows low-privileged authentic…

Read more
CVSS 8.2
U-Boot Network Stack Vulnerabilities: Integer Underflow OOB Read (CVE-2026-29007/29008) and Buffer Overflow RCE (CVE-202
y637f9qq2x.com · 2026-07-14

### Vulnerability Overview The provided web screenshot describes three vulnerabilities in U-Boot: 1. **CVE-2026-29007**: An integer underflow in the `tcp_rx_state_machine()` function, leading to an ou…

Read more
CVSS 4.3
Eleveo Call Recording Software Insecure Direct Object Reference Vulnerability
github.com · 2026-07-14

### Vulnerability Overview Eleveo Call Recording Software version 9.7.0 contains multiple access control vulnerabilities that allow low-privilege authenticated users to bypass administrator-defined fi…

Read more
CVSS 5.3
Rejetto HFS Pre-Auth Username Enumeration Vulnerability (CVE-2026-61503)
www.vulncheck.com · 2026-07-14

### Vulnerability Overview - **Vulnerability Name**: Rejetto HFS < 3.2.1 Username Enumeration Vulnerability - **Description**: Rejetto HFS versions 3.0.0 through 3.2.0 return discernibly different res…

Read more
CVSS 6.1
Blender DNA Buffer Out-of-Bounds Access Fix
projects.blender.org · 2026-07-14

### Vulnerability Overview This vulnerability involves several potential errors that may occur when processing corrupted DNA data. Specifically, these include: - Invalid array size values (negative or…

Read more
Premium intel
CVSS 8.6
Path Traversal in GitLab Job Tools Enables Arbitrary API Requests via job_id
github.com · 2026-07-14

# Vulnerability Overview - **Vulnerability Title**: Path traversal in `job_id` turns a job tool into an arbitrary GitLab API request under the operator token #587 - **Vulnerability ID**: #592 - **Stat…

Read more
Premium intel
CVSS 8.6
GitLab API Path Traversal Vulnerability Fix Guide
github.com · 2026-07-14

### Vulnerability Overview This vulnerability involves the incorrect encoding of job and pipeline IDs in GitLab API paths, leading to potential security issues. Specifically, job IDs and pipeline IDs …

Read more
Premium intel
CVSS 8.8
Shiori BOLA/IDOR: Authenticated User Privilege Escalation to Admin via API
github.com · 2026-07-14

# Authenticated User Can Self-Escalate to Administrator via PATCH /api/v1/auth/account #1196 ## Vulnerability Overview In Shiori, the `PATCH /api/v1/auth/account` endpoint allows any authenticated use…

Read more
Premium intel
CVSS 8.6
mcp-gitlab Path Traversal via job_id Parameter (CVE-2026-61462)
www.vulncheck.com · 2026-07-14

# mcp-gitlab Path Traversal via job_id Parameter ## Vulnerability Overview mcp-gitlab contains a path traversal vulnerability in the `job_id` parameter within `build/index.js`, allowing attackers to r…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.