Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Security Intel Hub 34960+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
Premium intel
CVSS 7.5
Netflix Spinnaker KustomizationFileReader YAML Deserialization RCE Analysis
github.com · 2026-07-11

### Vulnerability Overview This vulnerability involves the `KustomizationFileReader` class in the Netflix Spinnaker project. The vulnerability allows an attacker to achieve Remote Code Execution (RCE)…

Read more
Premium intel
CVSS 7.5
Spinnaker KustomizationFileReader YAML Unsafe Deserialization RCE Analysis
github.com · 2026-07-11

### Vulnerability Overview This vulnerability involves the unsafe deserialization method used when parsing YAML files, allowing attackers to execute arbitrary code by crafting malicious YAML files. Sp…

Read more
Premium intel
CVSS 7.5
Spinnaker Rosco YAML Insecure Deserialization RCE Fix and POC
github.com · 2026-07-11

### Vulnerability Overview This vulnerability involves the injection of malicious code during YAML file parsing due to the use of unsafe constructors. Specifically, dangerous objects can be instantiat…

Read more
Phalcon v5.14.1 SQL Injection in Mvc_Model_Query_Builder orderBy Fix
github.com · 2026-07-11

### Vulnerability Overview A vulnerability was identified in Phalcon v5.14.1 related to `Phalcon\Mvc\Model\Query\Builder`. This vulnerability involves an SQL injection risk, specifically occurring whe…

Read more
misskey SSRF: Bypassing Proxy to Access Internal Network Resources - Patch Analysis
github.com · 2026-07-11

### Vulnerability Overview This vulnerability affects the `fetchSummary` method in the `UriPreviewService.ts` file within the `misskey-dev/misskey` project. It allows an attacker to bypass proxy confi…

Read more
CVSS 7.1
CVE-2025-5580: IDOR in notes and dashboard widgets
github.com · 2026-07-11

### Vulnerability Overview **Title**: Cross-user IDOR in notes and dashboard widgets **Description**: - Three functions for modifying dashboards and notes execute their SQL queries without an ownershi…

Read more
Grist Open Redirect and XSS fix: URL sanitization for next param and DocTour links
github.com · 2026-07-11

### Vulnerability Overview This vulnerability involves missing sanitization of link URLs in two locations. Specifically: 1. In `/welcome/select-account`, URLs retrieved from the `next` parameter need …

Read more
CVSS 5.8
UTF-8 String Truncation Vulnerability Fix Report
github.com · 2026-07-11

### Vulnerability Overview This vulnerability involves a string truncation issue in the `utf8_to_unicode.cc` file. Specifically, when processing UTF-8 encoded strings, if the string length exceeds exp…

Read more
CVSS 5.8
CVE-2020-52761: utf8toUnicode bug causes bypass on i386
github.com · 2026-07-11

# Vulnerability Overview - **Vulnerability Name**: Transformation `utf8toUnicode` produces wrong output on i386 architecture - **Vulnerability Description**: The `utf8toUnicode` transformation produce…

Read more
Premium intel
CVSS 8.6
CVE-2024-21747: Multipart form-data parser bypass via embedded line breaks
github.com · 2026-07-11

# Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass ## Vulnerability Overview - **Vulnerability Name**: Multipart form-dat…

Read more
Frappe Path Traversal Vulnerability Fix in File Utils and Response Module
github.com · 2026-07-11

### Vulnerability Overview This vulnerability involves insufficient security checks on file paths in the `frappe/core/doctype/file/utils.py` and `frappe/utils/response.py` files, potentially leading t…

Read more
Frappe Framework Path Traversal Vulnerability Fix Analysis in download_backup
github.com · 2026-07-11

### Vulnerability Overview This vulnerability involves a path traversal flaw in the `download_backup` function within the Frappe framework. Attackers can exploit this by crafting malicious requests to…

Read more
Nezha Dashboard API Credential Exposure in List Endpoints
github.com · 2026-07-11

### Vulnerability Overview This vulnerability involves the improper redaction of third-party credentials in the `ddns/notification` list responses. Specifically, the `GET /api/v1/ddns` and `GET /api/v…

Read more
Premium intel
CVSS 8.8
YamlHelper Unsafe Constructor RCE Vulnerability and Fix
github.com · 2026-07-11

### Vulnerability Overview This vulnerability involves a security issue within the YAML parser. Specifically, when parsing YAML files, unsafe constructors were not used, allowing attackers to achieve …

Read more
nezha-dashboard credential exposure in list API
github.com · 2026-07-11

### Vulnerability Overview **Vulnerability Name**: DDNS and Notification credential exposure via unredacted list API **Vulnerability Description**: - This vulnerability affects the `nezha-dashboard` s…

Read more
CVSS 8.1
Fix SSRF bypass via unhandled IPv6 unspecified address
github.com · 2026-07-11

### Vulnerability Overview - **Vulnerability Title**: Block IPv6 unspecified SSRF targets #2511 - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Vulnerability Description**: This vulne…

Read more
Premium intel
CVSS 8.8
YAML Unsafe Constructor RCE Vulnerability Analysis and Fix
github.com · 2026-07-11

### Vulnerability Overview This vulnerability involves the use of unsafe constructors during YAML parsing, leading to potential security risks. Specifically: 1. **Arbitrary Object Instantiation**: Att…

Read more
Premium intel
CVSS 8.1
Typebot SSRF Vulnerability: Bypass via IPv6 Unspecified Address (::)
github.com · 2026-07-11

### Vulnerability Overview The SSRF protection in Typebot can be bypassed using the IPv6 unspecified address. The protection rules include `localhost`, `127.0.0.0/8`, `0.0.0.0/0`, `::1`, `fe80::/10`, …

Read more
Premium intel
CVSS 8.8
Spinnaker orca-core/roscro-core Unsafe YAML Deserialization RCE (CVE-2026-44795)
github.com · 2026-07-11

### Vulnerability Overview - **Vulnerability Name**: Non-safe YAML deserialization allowing RCE when using specific types - **Description**: Insecure YAML handling exists, bypassing safe deserializati…

Read more
Premium intel
CVSS 8.8
YAML Parser Unsafe Constructor RCE Vulnerability and Fix
github.com · 2026-07-11

### Vulnerability Overview This vulnerability involves the unsafe use of constructors in a YAML parser, potentially leading to arbitrary object instantiation and remote code execution (RCE). An attack…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.