Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Security Intel Hub 36081+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
CVSS 6.1
Ragic Enterprise Cloud Database Stored XSS and Arbitrary File Upload Vulnerabilities (CVE-2026-15552/15553)
www.twcert.org.tw · 2026-07-13

### Vulnerability Overview - **Vulnerability Name**: Ragic | Enterprise Cloud Database - 2 Vulnerabilities - **TVN ID**: TVN-20260703 - **CVE ID**: CVE-2026-15552, CVE-2026-15553 - **CVSS Score**: - C…

Read more
CVSS 3.3
kicad-mcp PathValidator not enforced, leading to directory traversal and enumeration
github.com · 2026-07-13

# [Potential Vulnerability] MCP Tool Bypasses Project's Own "PathValidator", Enabling Filesystem Probing and Directory Enumeration via "project_path" #57 ## Vulnerability Overview `kicad-mcp` is an MC…

Read more
CVSS 7.8
CVE-2026-9492: Gigabyte GCC MBStorage Local Privilege Escalation
www.twcert.org.tw · 2026-07-13

### Vulnerability Overview - **Vulnerability Name**: GIGABYTE | Gigabyte Control Center - Improper Access Control - **TVN ID**: TVN-202607004 - **CVE ID**: CVE-2026-9492 - **CVSS Score**: 7.8 (High) -…

Read more
NCSC & Allies Warning: FSB Exploiting Misconfigured Routers via SNMP Weaknesses
www.ncsc.gov.uk · 2026-07-13

### Vulnerability Overview - **Vulnerability Name**: Network attacks resulting from misconfigured routers - **Attacker**: Center 18 of the Federal Security Service (FSB) of the Russian Federation - **…

Read more
CVSS 5.3
Unauthorized Persistent Autoload Injection via Unrestricted projectPath in tugcantopaloglu/godot-mcp run_project
github.com · 2026-07-13

### Vulnerability Overview **Vulnerability Name**: Unauthorized Persistent Autoload Injection via Unrestricted `projectPath` in `run_project` **Vulnerability Description**: In the `tugcantopaloglu/god…

Read more
CVSS 3.3
Path Traversal in @alioshr/memory-bank-mcp list_project_files
github.com · 2026-07-13

### Vulnerability Overview - **Vulnerability Name**: Path Traversal in `list_project_files` Allows Directory Enumeration Outside MEMORY_BANK_ROOT - **Vulnerability ID**: #36 - **Reporter**: mcfly-zzh …

Read more
CVSS 3.3
memory-bank-mcp Path Traversal Vulnerability Advisory and Fix
github.com · 2026-07-13

Based on the provided webpage screenshot, here is a summary of the key information regarding the vulnerability: ### Vulnerability Overview This vulnerability involves a security issue within the `memo…

Read more
CVSS 6.3
AdLoop SSRF mitigation and multi-tenant isolation fix
github.com · 2026-07-13

### Vulnerability Overview The webpage screenshot displays a code commit regarding multi-tenant runtime context and pluggable security backends. It primarily involves improvements to the AdLoop runtim…

Read more
CVSS 6.3
adloop MCP Server SSRF via Unvalidated final_url Parameter
github.com · 2026-07-13

# [Potential Vulnerability] adloop fetches a caller-controlled URL with no scheme/host validation — SSRF + local-file access via final_url #41 ## Vulnerability Overview adloop is an MCP server providi…

Read more
CVSS 6.3
AdLoop v0.10.0 SSRF and LFI Vulnerability Patch
github.com · 2026-07-13

### Vulnerability Overview AdLoop version 0.10.0 fixes several security issues, including: 1. **SSRF Attack Protection**: Enhanced validation of `adfsitelink` URLs to prevent SSRF attacks that control…

Read more
CVSS 6.3
Simple Online Leave Management System V1.0 SQL Injection Vulnerability in dashboard.php with POC
github.com · 2026-07-13

# Vulnerability Overview - **Vulnerability Name**: Simple Online Leave Management System V1.0 /SimpleOnlineLeave/admin/dashboard.php SQL injection #2 - **Vulnerability Type**: SQL injection - **Affect…

Read more
CVSS 5.3
Heap Buffer Overflow in libredwg dwg2dxf R2004 DWG Parser
github.com · 2026-07-13

### Vulnerability Overview A heap buffer overflow write vulnerability exists in the `decompress_R2004_section` function within the `decode.c` file of `libredwg`. This vulnerability is triggered when p…

Read more
CVSS 5.3
Fix Heap-buffer-overflow WRITE in decompress_R2004_section (GHSA-gq2f-8389-w95j)
github.com · 2026-07-13

### Vulnerability Overview - **Vulnerability Type**: Heap-buffer-overflow WRITE - **Vulnerability Location**: `decompress_R2004_section` function - **Vulnerability Description**: In the `decompress_R2…

Read more
Premium intel
CVSS 5.0
Strix Agent Indirect Prompt Injection RCE via Unrestricted Pip Install
github.com · 2026-07-13

# Strix Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Remote Code Execution (RCE) via Indirect Prompt Injection due to Unrestricted Package Installation Policy and Missing …

Read more
CVSS 5.3
Arbitrary Local File Read in n8n-workflow-builder via update_node_from_file
github.com · 2026-07-13

# [Vulnerability] Arbitrary Local Text File Read via update_node_from_file Persists File Content into n8n Workflow #28 ## Vulnerability Overview The `update_node_from_file` MCP tool in `makafeli/n8n-w…

Read more
CVSS 4.7
Twill CMS 3.6.0 Unauthenticated Arbitrary File Upload to RCE via File Library
bytium.com · 2026-07-13

### Vulnerability Overview In Twill CMS version 3.6.0, the file library upload endpoint does not validate the type of uploaded files and stores them with their original extensions. Authenticated users…

Read more
Premium intel
CVSS 7.3
Jinher OA Pre-Auth SQL Injection in HttpOID Parameter
github.com · 2026-07-13

### Jinher OA SQL Injection Vulnerability Report #1 #### Vulnerability Overview - **Affected Product**: Jinher OA (Jhisoft OA) - **Affected Component**: /C6/JHSOFT.Web.PlanSummarize/PlanGiveOut.aspx -…

Read more
CVSS 7.0
Tencent QMUDisk Driver Privilege Escalation Vulnerability Analysis and POC
github.com · 2026-07-13

### Vulnerability Overview **Tencent QMUDisk Driver Privilege Escalation Vulnerability** - **Vulnerability Type**: Privilege Escalation / Arbitrary Process Termination / Driver Operation / Security Ca…

Read more
CVSS 5.6
AppleCMS V10 Pre-Auth RCE via Installation Logic Bypass
github.com · 2026-07-13

# Vulnerability Overview A logical vulnerability exists in the installation module of maccms10 (AppleCMS V10), allowing unauthorized remote attackers to bypass the installation lock by directly access…

Read more
CVSS 5.6
CMS Security Patch Advisory: Multiple Versions including XSS Fix
github.com · 2026-07-13

### Vulnerability Overview - **v2022.1000.3025**: Fixed Cross-Site Scripting (XSS) injection vulnerabilities in third-party content collection resources. - **v2022.1000.3026**: Addressed multiple secu…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.