
Security Intel Hub 666— Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 9.1
ChurchCRM Backup Restore RCE Fix: Validate Extracted Images
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: security: validate extracted images in backup restore #8610 - **Vulnerability Description**: During the backup restoration process, extracted image…

Rclone Unauthenticated RCE via WebDAV Backend Instantiation in fsinfo Endpoint
github.com · 2026-04-23

# Vulnerability Summary: Rclone WebDAV Backend Instantiation and Command Execution Vulnerability ## Overview The `operations/fsinfo` endpoint of Rclone is exposed without setting `AuthRequired: true`,…

CVSS 10.0
Unauthenticated RCE in Paperclip via Import Authorization Bypass (CVE-2026-41679)
github.com · 2026-04-23

# Vulnerability Summary: Paperclip Unauthenticated Remote Code Execution (RCE) ## Vulnerability Overview **Title**: Unauthenticated Remote Code Execution via Import Authorization Bypass **Severity Lev…

CVSS 3.7
bettercap zerogod IPP Chunked Body Unrecovered Panic DoS
github.com · 2026-05-11

# zerogod IPP Chunked Body - Unrecovered Panic via OOB uint64 Allocation ## Vulnerability Overview An unrecovered panic vulnerability exists in the `zerogod` module of `bettercap` when handling the IP…

CVSS 6.5
GitLab Trusted Resources URL Parsing Bypass Fix Analysis
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves improper handling of the `git` prefix when parsing and matching resource URLs, leading to potential security issues. Specific manifestations incl…

CVSS 7.5
Manyfold CVE-2026-27635 OS Command Injection via ZIP Filename RCE
github.com · 2026-02-26

### Critical Vulnerability Information #### Vulnerability Overview - **Name**: OS command injection via ZIP filename in f3d render - **CVE ID**: CVE-2026-27635 - **GHSA ID**: GHSA-p589-cf26-v7h2 - **S…

Siemens JT2Go CVE-2020-28383 Vulnerability Advisory: RCE via PAR File Parsing
www.zerodayinitiative.com · 2025-11-14

## Vulnerability Key Information - **CVE ID**: CVE-2020-28383 - **CVSS Score**: 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - **Affected Vendors**: Siemens - **Affected Products**: JT2Go - **Vulnerabilit…

CVSS 7.2
WooCommerce Custom Product Tabs Lite 1.9.1 Update: Potential SQLi and Deserialization Risks
plugins.trac.wordpress.org · 2026-02-26

### Key Information #### Changeset - **ID**: 3226839 - **Timestamp**: 01/22/2025 12:34:55 PM - **Author**: SkyVerge - **Message**: Committing 1.9.1 to trunk - **Location**: woocommerce-custom-product-…

CVSS 7.5
MoreConvert Wishlist for WooCommerce Improper Authorization Vulnerability (CVE-2024-13694)
www.wordfence.com · 2026-02-26

### Critical Vulnerability Information #### Vulnerability Description - **CVE ID**: CVE-2024-13694 - **CVSS Score**: 7.5 (High) - **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - **Vuln…

CVSS 6.6
LangGraph BaseCache Deserialization RCE (CVE-2026-27794)
github.com · 2026-02-26

## Vulnerability Overview - **Vulnerability Identifier**: ZDI-CAN-28385 - **Vulnerability Descrip…

CVSS 4.3
sz-boot-parent Directory Traversal Vulnerability (Arbitrary Resource File Read)
github.com · 2026-02-26

# Critical Vulnerability Information ## Product Information - **Product Vendor**: https://github.com/feiyuchuixue/sz-boot-parent - **Affected Product Code Repository**: sz-boot-parent <= v1.3.2-beta #…

CVSS 9.8
SPIP Plugins SQLi/RCE/XSS Vulnerabilities (CVE-2026-27743/44/45/46/47)
chocapikk.com · 2026-02-26

### Critical Vulnerability Information #### Vulnerability Overview - **CVEs**: CVE-2026-27743, CVE-2026-27744, CVE-2026-27745, CVE-2026-27746, CVE-2026-27747 - **Affected Plugins**: - referer_spam <= …

CVSS 5.0
WordPress Responsive Lightbox RCE/XSS/SSRF/RFI Vulnerability Analysis
plugins.trac.wordpress.org · 2026-02-25

### Vulnerability Key Information - **Source**: `responsive-lightbox/trunk/includes/class-remote-library.php` - **Last Change**: Revision 464562 by dfactory, checked in 7 days ago - **File Size**: 28.…

CVSS 3.5
SourceCodester Patients Waiting Area Queue Management System 1.0 Stored XSS Vulnerability
vuldb.com · 2026-02-25

## Critical Vulnerability Information - **Vulnerability Title**: SourceCodester Patients Waiting Area Queue Management System 1.0 Cross Site Scripting - **Vulnerability Type**: Cross-Site Scripting (X…

CVSS 7.3
itsourcecode News Portal V1.0 SQL Injection in /admin/contactus.php
vuldb.com · 2026-02-25

- **Vulnerability Title:** itsourcecode News Portal Project V1.0 SQL Injection - **Description:** Critical SQL injection vulnerability in the /newsportal/admin/contactus.php file due to insufficient u…

CVSS 9.8
SPiP tickets Plugin <4.3.3 Unauthenticated RCE (CVE-2022-27744)
www.vulncheck.com · 2026-02-25

### Critical Vulnerability Information #### Vulnerability Name SPiP tickets < 4.3.3 Unauthenticated RCE #### Severity CRITICAL #### Date 2022-02-24 #### Scope - SPiP tickets plugin < 4.3.3 #### CVE Id…

CVSS 10.0
OliveTin CVE-2026-27626 Critical RCE via Password Type and Webhook Bypass
github.com · 2026-02-25

### Vulnerability Overview - **Vulnerability ID**: GHSA-49gm-hh7w-wfvf - **CVE ID**: CVE-2026-27626 - **Severity**: Critical (10.0/10) - **Affected Versions**: <= 3000.10.0 - **Fixed Versions**: None …

CVE-2026-27615: ADB-Explorer ManualAdbPath UNC Path RCE Vulnerability
github.com · 2026-02-25

## Key Information - **Vulnerability Name**: UNC Path Support in ManualAdbPath Leads to Remote Code Execution (RCE) - **CVE ID**: CVE-2026-27615 - **Affected Versions**: <= Beta 0.9.26021 - **Fixed Ve…

Altec DocLink .NET Remoting Unauth File Read/Write RCE (CVE-2026-26222)
www.vulncheck.com · 2026-02-25

## Critical Vulnerability Information ### Vulnerability Title DocLink .NET Remoting Unauthenticated Arbitrary File Read/Write RCE ### Severity CRITICAL ### Publication Date 2/24/2026 ### Affected Vers…

Linksys MR9600/MX4200 Path Traversal Leading to RCE (SYSS-2025-001)
www.syss.de · 2026-02-25

## Critical Vulnerability Information - **Advisory ID**: SYSS-2025-001 - **Product**: MR9600, MX4200 (and potentially others) - **Manufacturer**: Linksys - **Affected Version(s)**: 1.0.4.205530 for MR…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
