Security Intel Hub 11+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Critical
GitLab gitlab-shell RCE Vulnerability CVE-2024-39934 Analysis and Fix
CVE-2024-39934 · github.com · 2026-04-03
GitLab 16.0.0 to 16.7.0 · GitLab 15.0.0 to 15.11.0 …
High
MCP Go SDK Default DNS Rebinding Protection Disabled on Localhost
github.com · 2026-04-03
Model Context Protocol Go SDK < 1.4.0
High
Puppet Forge Fixes Arbitrary Code Execution in puppet-lint
github.com · 2026-04-03
puppet-lint < 2.5.3
High
fio: Fix for DNS rebinding attack on localhost server
github.com · 2026-04-03
fio (all versions prior to the fix in PR #760 / #7150)
Critical
Apache Log4j2 JNDI Injection RCE Vulnerability (CVE-2021-44228) Analysis and Exploitation
CVE-2021-44228 · github.com · 2026-04-02
Apache Log4j2 2.0-beta9 to 2.14.1
Medium
CVE-2024-34337: Hardcoded Wildcard CORS in Java MCP SDK
CVE-2024-34337 · github.com · 2026-04-02
io.modelcontextprotocol.sdk:mcp-core < 1.0.0 · io.modelcontextprotocol.sdk:mcp-core < 1.1.1
High
MCP TypeScript SDK Cross-client Response Data Leak (CVE-2026-25536)
CVE-2026-25536 · github.com · 2026-02-05
modelcontextprotocol/typescript-sdk
High
CVE-2025-66414: MCP TypeScript SDK DNS Rebinding Protection Disabled by Default
CVE-2025-66414 · github.com · 2025-12-04
Model Context Protocol TypeScript SDK < 1.24.0
High
MCP Inspector Pre-Auth XSS Leading to RCE (CVE-2025-58444)
CVE-2025-58444 · github.com · 2025-09-10
MCP Inspector < 0.16.6
High
CVE-2025-53109: Path validation bypass via symlink handling in @modelcontextprotocol/server-filesystem
CVE-2025-53109 · github.com · 2025-07-06
@modelcontextprotocol/server-filesystem < 0.6.3 · @modelcontextprotocol/server-filesystem < 2025.3.28

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.