Security Intel Hub 666— Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Premium intel
CVSS 9.8
Milvus CVE-2026-26190: Unauth Access on Port 9091 Leads to RCE
github.com · 2026-02-21

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise - **Severity**: Critica…

CVSS 4.7
MCMS 6.1.1 Template Upload Conditional Race Condition RCE
github.com · 2026-02-21

**Vulnerability Summary:** - **Vulnerability ID:** #11 - **Product:** MCMS (Mingfei CMS) - **Affected Version:** 6.1.1 - **Vulnerability Type:** Conditional Flaw (Conditional Competition) - **Risk Lev…

Premium intel
CVSS 9.8
IoT Devices CVE Summary: RCE, XSS, SQLi, Supply Chain
chocapikk.com · 2026-02-21

### Vulnerability Key Information Summary #### 1. Vulnerability Type and Description - **CVE-2023-50917: Console Eval RCE** - Type: Remote Code Execution (RCE) - Cause: Unauthorized users can exploit …

CVSS 7.3
CVE-2026-2983: File Access Control Vulnerability in SourceCodester Student Result Management System
vuldb.com · 2026-02-23

### Key Information - **Vulnerability ID**: CVE-2026-2983, VDB-347366, GCVE-100-347366 - **System**: SourceCodester Student Result Management System 1.0 - **File Path**: /admin/core/import_users.php -…

Premium intel
CVSS 9.8
FreeScout CVE-2026-27636 Authenticated RCE via .htaccess File Upload
github.com · 2026-02-25

# Critical Vulnerability Information ## Vulnerability Overview The file upload restriction list in FreeScout does not include `.htaccess` and `.user.ini` files. On Apache servers configured with `Allo…

Order Notification for WooCommerce Unauthenticated Access Vulnerability with POC
wpscan.com · 2026-04-02

### Vulnerability Overview This vulnerability exists in the **Order Notification for WooCommerce** plugin. The plugin incorrectly overrides WooCommerce's permission check mechanism, allowing attackers…

CVSS 8.5
SQL Injection in WordPress ELEX WooCommerce Advanced Bulk Edit Plugin (CVE-2025-XXXX)
patchstack.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview | Item | Content | |:---|:---| | **Vulnerability Name** | WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attribute…

Mbed TLS CVE-2026-34874 Null Pointer Dereference Leading to RCE
mbed-tls.readthedocs.io · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview | Item | Content | |:---|:---| | **CVE ID** | CVE-2026-34874 | | **Title** | Null pointer dereference when setting a distinguished n…

Premium intel
CVSS 9.1
MB connect line mbCONNECT24 Multiple Vulnerabilities: RCE, SQLi, Unauth Access (CVE-2026-2813)
certvde.com · 2026-04-02

# MB connect line Multiple Vulnerabilities (VDE-2026-030) ### Summary Multiple vulnerabilities have been identified in **mbCONNECT24** and **mymbCONNECT24** products from MB connect line, potentially …

CVSS 6.5
SourceCodester/Mayuri_L 1.0 Access Control Bypass in ajax.php (CVE-2026-5330)
vuldb.com · 2026-04-02

### Vulnerability Key Information Summary **Vulnerability Name:** SourceCodester/mayuri_l Best Courier Management System 1.0 User Delete AJAX.PHP? Action=Delete_User ID Access Control **CVE ID:** CVE…

SSTI to RCE in agent.py Text Processing Component via Jinja2
github.com · 2026-04-04

# Vulnerability Summary: Server-Side Template Injection (SSTI) in Agent "Text Processing" Component ## Vulnerability Overview * **Vulnerability Type**: Server-Side Template Injection (SSTI) leading to…

CVSS 5.4
SourceCodester Online Food Ordering System v1.0 Business Logic Flaw: Negative Price Input Validation Bypass
github.com · 2026-04-09

### Vulnerability Overview * **Vulnerability Type**: Business Logic Error / Improper Input Validation * **Vendor**: SourceCodester * **Product**: Online Food Ordering System * **Version**: 1.0 * **Aff…

Command Injection in stata_do Leading to RCE via subprocess shell=True
github.com · 2026-04-09

### Vulnerability Overview This vulnerability exists in the `stata_do` tool and is classified as a **Command Injection** vulnerability. * **Root Cause**: The server directly executes user-provided or …

CVSS 6.7
cl4ms Fileeditor Auth Bypass and RCE via Unvalidated Path Access
github.com · 2026-04-09

# Fileeditor Authorization Bypass Vulnerability Summary ## Vulnerability Overview The Fileeditor controller defines a `$hiddenItems` array containing sensitive paths (e.g., `.env`, `composer.json`, `v…

CVSS 5.3
LangChain langchain-core Prompt Template Attribute Access Vulnerability Leading to RCE and Fix
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** A security vulnerability exists in the Prompt Template component of the LangChain core library (`langchain-core`). Attackers can access high-risk P…

Premium intel
CVSS 8.8
Composer CVE-2024-45261 Command Injection via Perforce Source Reference
github.com · 2026-04-18

# Vulnerability Overview **Title**: Command injection via malicious Perforce source reference/url **CVE ID**: CVE-2024-45261 **Severity**: High (8.8 / 10) **Description**: Composer has a command injec…

Atlassian April 2026 Security Bulletin: 31 High/Critical CVEs including RCE in Confluence
confluence.atlassian.com · 2026-04-22

# Atlassian Security Bulletin Summary – April 21, 2026 ## Vulnerability Overview This security bulletin includes **31 high-severity vulnerabilities** and **7 critical vulnerabilities**, affecting mult…

CVE-502: RCE via Unsafe Pickle Deserialization in Async Inference Pipeline
github.com · 2026-04-24

# Vulnerability Summary ## Overview - **Vulnerability ID**: CVE-502 (Deserialization of Untrusted Data) - **Description**: In the asynchronous inference pipeline, there exist unsafe calls to `pickle.l…

DeskTime CVE-2025-10539: Missing TLS Certificate Validation Leading to RCE
r.sec-consult.com · 2026-04-28

# Vulnerability Summary: Missing TLS Certificate Validation leading to RCE (CVE-2025-10539) ## Vulnerability Overview **CVE-2025-10539**: Due to missing TLS certificate validation, an attacker can inj…

Premium intel
CVSS 7.3
SQL Injection in SourceCoder Advanced School Management System V1.0
github.com · 2026-05-01

# SourceCoder Advanced School Management System SQL Injection Vulnerability Summary ## Vulnerability Overview * **Product Name**: SourceCoder Advanced School Management System with Complete Features V…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
