Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Security Intel Hub 35666+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
CVSS 4.4
PrintFriendly <= 5.5.10 Authenticated Stored XSS Vulnerability (CVE-2026-9738)
www.wordfence.com · 2026-07-13

### Vulnerability Overview - **Vulnerability Name**: Print, PDF, Email by PrintFriendly <= 5.5.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'content_position_css' Parameter - **…

Read more
CVSS 5.3
WordPress AI Chatbot Plugin Unauthenticated Arbitrary Data Deletion (CVE-2026-6803)
www.wordfence.com · 2026-07-13

### Vulnerability Overview - **Vulnerability Name**: AI Chatbot & Workflow Automation by AIWU <= 1.4.12 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via AJAX Actions 'removeGroup…

Read more
Premium intel
CVSS 9.8
Unauthenticated Command Injection in Vitec Flamingo (CVE-2026-60121) with PoC
damiri.fr · 2026-07-13

### Vulnerability Overview - **CVE ID**: CVE-2026-60121 - **Vulnerability Type**: Unauthenticated Command Injection - **Affected Endpoint**: `/admin/ajax/ping.php` - **Description**: A critical comman…

Read more
Premium intel
CVSS 9.8
Vitec Flamingo Unauthenticated OS Command Injection via ping.php (CVE-2026-60121)
www.vulncheck.com · 2026-07-13

### Vulnerability Overview Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability located in the `admin/ajax/ping.php` endpoint. Attackers can execute arbitrary commands …

Read more
Premium intel
CVSS 9.8
Vitec Flamingo Unauthenticated RCE via Command Injection in gen_graphs.php (CVE-2026-61498)
damiri.fr · 2026-07-13

### Vulnerability Overview CVE-2026-61498 is an unauthenticated command injection vulnerability affecting the `gen_graphs.php` component of Vitec Flamingo devices. This vulnerability allows remote una…

Read more
CVSS 4.3
Missing Authorization in WooCommerce Points and Rewards <=2.10.1 via AJAX Actions (CVE-2026-10628)
www.wordfence.com · 2026-07-13

### Vulnerability Overview - **Vulnerability Name**: Points and Rewards for WooCommerce <= 2.10.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via Multiple AJAX Action…

Read more
FSB APT Exploitation of SNMP and Cisco Smart Install for Initial Access
www.darkreading.com · 2026-07-13

### Vulnerability Overview - **Vulnerability Name**: Not explicitly specified, but involves multiple vulnerabilities and attack techniques. - **Primary Vulnerabilities**: - **SNMP Service**: Attackers…

Read more
CVSS 7.5
Red Hat Insights inCluster-checks Privilege Escalation to Node Root
bugzilla.redhat.com · 2026-07-13

### Vulnerability Overview - **Vulnerability ID**: Bug 2499647 (CVE-2026-15584) - **Title**: Red Hat Insights inCluster-checks: Privileged host-checkout debug pods created in shared default namespace …

Read more
CVSS 6.3
SQL Injection in Simple Online Leave Management System V1.0 (accept.php)
github.com · 2026-07-13

### Vulnerability Overview **Vulnerability Name**: SQL Injection Vulnerability in Simple Online Leave Management System V1.0 **Vulnerability Type**: SQL Injection **Affected File**: `/SimpleOnlineLeav…

Read more
PHP extension/readir.c sprintf Buffer Overflow Vulnerability Advisory
cgit.git.savannah.gnu.org · 2026-07-13

### Vulnerability Overview This vulnerability involves a potential buffer overflow in the `extension/readir.c` file, caused by the improper use of the `sprintf` function for buffer overflow checking. …

Read more
gawk do_sub integer overflow fix on 32-bit systems
cgit.git.savannah.gnu.org · 2026-07-13

### Vulnerability Overview This vulnerability involves potential integer overflows when calculating size limits, particularly on 32-bit systems. If an overflow occurs, it can lead to dynamic memory co…

Read more
Ruby Integer Overflow Fixes: Patching do_subln in builtin.c and parse_escape in node.c
cgit.git.savannah.gnu.org · 2026-07-13

### Vulnerability Overview The provided webpage screenshot displays a commit record titled "Minor integer overflow fixes," primarily focusing on remediation for integer overflow issues. Specifically, …

Read more
CVSS 6.3
SQL Injection in Simple Online Leave Management System V1.0
github.com · 2026-07-13

### Vulnerability Overview - **Vulnerability Type**: SQL Injection - **Affected Product**: Simple Online Leave Management System V1.0 - **Vulnerable File**: `/SimpleOnlineLeave/admin/deletemp.php?id=5…

Read more
CVSS 6.5
Red Hat OpenShift Tempo Operator Query RBAC Bypass Vulnerability (CVE-2026-62147)
bugzilla.redhat.com · 2026-07-13

### Vulnerability Overview - **Bug ID**: Bug 2499635 (CVE-2026-62147) - **Vulnerability Name**: Tempo Operator: Tempo Operator: Query RBAC bypass - **Status**: NEW - **Product**: Security Response - *…

Read more
CVSS 8.8
Tomato firmware httpd stack buffer overflow vulnerability analysis
gitee.com · 2026-07-13

### Vulnerability Overview - **Vulnerability Name**: Stack-based buffer overflow in Tomato firmware 'usr/sbin/httpd' DNS list rendering function - **Vulnerability Description**: A stack-based buffer o…

Read more
DIVD: EVBee Service App & DC Quick Charging Station Firmware Vulnerabilities (CVE-2026-22093 to 22103)
csirt.divd.nl · 2026-07-13

### Vulnerability Overview DIVD-2026-00001 reports multiple vulnerabilities in the EVBEE SERVICE APP and DC QUICK CHARGING STATION. These vulnerabilities include man-in-the-middle attacks, command inj…

Read more
CVSS 7.5
WordPress Golo Framework Plugin Local File Inclusion Vulnerability
patchstack.com · 2026-07-13

### Vulnerability Overview - **Vulnerability Name**: Local File Inclusion Vulnerability in WordPress Golo Framework Plugin <= 1.7.3 - **Priority**: Low - **CVSS Score**: 7.5 - **Vulnerability Type**: …

Read more
Premium intel
CVSS 9.9
WordPress WoowBot Pro Max Arbitrary File Upload Vulnerability
patchstack.com · 2026-07-13

### Vulnerability Overview A high-priority arbitrary file upload vulnerability exists in the WordPress WoowBot Pro Max plugin versions <= 14.1.7. ### Affected Versions - **Affected Versions**: <= 14.1…

Read more
Premium intel
CVSS 9.8
WordPress RT-Theme 18 Extensions <=2.5 PHP Object Injection Vulnerability Advisory
patchstack.com · 2026-07-13

### Vulnerability Overview - **Vulnerability Name**: High Priority PHP Object Injection Vulnerability in WordPress RT-Theme 18 | Extensions Plugin <= 2.5 - **Priority**: High Priority - **CVSS Score**…

Read more
CVSS 7.1
WordPress Free Gifts for WooCommerce Plugin XSS Vulnerability Advisory
patchstack.com · 2026-07-13

### Vulnerability Overview - **Vulnerability Name**: WordPress Free Gifts for WooCommerce Plugin <= 13.1.0 contains a medium-priority Cross-Site Scripting (XSS) vulnerability. - **Vulnerability Type**…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.