Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 666— Search: RCE×

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Clear
Examples: RCE · SSRF · GHSA · log4j
Filter
Premium intel
CVSS 7.8
CVE-2026-26208: ADB Explorer Insecure Deserialization RCE
github.com · 2026-02-21

### Vulnerability Key Information #### Vulnerability Overview - **Vulnerability Type**: Insecure Deserialization leading to Remote Code Execution (RCE) - **Source**: ADB Explorer - **Vulnerability ID*…

Read more
CVSS 8.1
Caido DNS Rebind Bypass Leading to RCE (CVE-2026-24853)
github.com · 2026-02-21

### Key Information Summary #### Vulnerability Overview - **Vulnerability Name**: Insufficient patch for DNS rebind leading to RCE - **Vulnerability ID**: GHSA-3q5q-p8vj-8783 - **CVE ID**: CVE-2026-24…

Read more
CVSS 9.1
authentik CVE-2026-25227 Authenticated RCE via Property Mapping
github.com · 2026-02-21

### Critical Vulnerability Information - CVE-2026-25227 - **CVE ID**: CVE-2026-25227 - **Reported by**: @rahulgovind #### Vulnerability Description - **Vulnerability Type**: Authenticated Remote Code …

Read more
CVSS 9.1
authentik CVE-2026-25227 Critical Authenticated RCE via Property Mapping Test Endpoint
github.com · 2026-02-21

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: Authenticated Remote Code Execution via Policy/Property Mapping test endpoint - **Severity**: Critical (CVSS: 9.1/10) - …

Read more
OpenSourcePOS 3.4.1 Secondary SQL Injection via Currency Symbol (CVE-2026-26745)
github.com · 2026-02-21

## Critical Vulnerability Information ### Vulnerability Overview - **Vulnerability Type**: Second-Order SQL Injection (CVE-2026-26745) - **Affected Product**: OpenSourcePOS - **Affected Version**: 3.4…

Read more
OpenSourcePOS v3.4.1 Stored XSS in Items Module with PoC
github.com · 2026-02-21

### Key Information #### Vulnerability Details - **Affected Product**: OpenSourcePOS v3.4.1 - **Vulnerability Type**: Stored Cross-Site Scripting (XSS, CWE-79) - **Affected Component**: Items module –…

Read more
OpenSourcePOS v3.4.1 Stored XSS Vulnerability Analysis
github.com · 2026-02-21

### Critical Vulnerability Information #### Vulnerability Details - **Affected Product**: OpenSourcePOS v3.4.1 - **Vulnerability Type**: Stored Cross-Site Scripting (XSS), CWE-79 - **Affected Componen…

Read more
OpenSourcePOS v3.4.1 Stored XSS via Incorrect Content-Type Handling
github.com · 2026-02-21

### Vulnerability Overview - **Affected Product**: OpenSourcePOS v3.4.1 - **Vulnerability Type**: Improper `Content-Type` handling leading to Stored Cross-Site Scripting (XSS) (CWE-79, CWE-116) - **Af…

Read more
Calibre ODT Path Traversal Arbitrary File Write & RCE (CVE-2026-26064)
github.com · 2026-02-21

## Vulnerability Overview - **Vulnerability Type**: Path traversal leading to arbitrary file write and potential code execution - **Severity**: Critical (9.3/10) - **CVE ID**: CVE-2026-26064 ## Affect…

Read more
Premium intel
CVSS 9.8
ipTIME Router Auth Bypass & OpenVPN Config Injection RCE Analysis
github.com · 2026-02-21

### Critical Vulnerability Information #### 1. Vulnerability Overview - **Product**: ipTIME Routers (Tested Model: A6004MX) - **Firmware Version**: 14.18.2 - **Component**: `/cgi/timepro.cgi` - **Vuln…

Read more
RUCKUS Network Director Hardcoded Credentials RCE (CVE-2025-67304)
github.com · 2026-02-21

### Critical Vulnerability Information #### Vulnerability Overview - **Advisory ID**: MCSAID-2025-009 - **CVE ID**: CVE-2025-67304 - **Product**: RUCKUS Network Director - **Reported**: 2025-09-23 - *…

Read more
CVE-2026-26220: Unauthenticated RCE via Pickle Deserialization in LightLLM
github.com · 2026-02-21

# CVE-2026-26220: Unauthenticated RCE via Pickle Deserialization in PD WebSocket Endpoints ## Summary - **CVE**: CVE-2026-26220 - **CVSS 4.0**: 9.3 Critical (AV:N/AC:L/AT:N/PR:N/UI:N/N:VC:H/VI:H/VA:H/…

Read more
Premium intel
CVSS 9.8
MajorDoMo Multiple Vulnerabilities Fix (RCE/SQLi/XSS) and CVE-2026-27174 to 27181
github.com · 2026-02-21

### Vulnerability Information Summary #### Security Audit Findings - Vulnerability Types and Counts: - 3 Remote Code Execution (RCE) vulnerabilities - 1 Unauthenticated Module Unload vulnerability - 1…

Read more
CVSS 5.3
Open5GS SMF Assertion Failure in TFT Parsing via Malicious Bearer Resource Command
github.com · 2026-02-21

### Key Information * **Vulnerability Description** * SMF (Session Management Function) crashes when processing a Bearer Resource Command containing a malicious TFT (Traffic Aggregate Description). Th…

Read more
CVE-2026-2329: Grandstream GXP1600 Unauthenticated RCE via Stack Overflow
github.com · 2026-02-21

### Key Information #### Vulnerability Details - **CVE ID**: CVE-2026-2329 - **Target Device**: Grandstream GXP1600 series VoIP devices - **Vulnerability Type**: - Stack-based buffer overflow - Unauth…

Read more
CVSS 7.2
Wavlink NU516U1 Stack Buffer Overflow RCE in OTA Update
github.com · 2026-02-21

## Key Vulnerability Information Summary ### Vulnerability Overview - **Vendor**: Wavlink - **Product**: NU516U1 - **Version**: WAVLINK-NU516U1-A-WO-20251208-BYFM - **Type**: Stack Buffer Overflow - *…

Read more
CVSS 5.3
WordPress Plugin CallbackKiller Security Analysis: RCE/XSS/SQLi Risks
plugins.trac.wordpress.org · 2026-02-21

- **Plugin Name**: CallbackKiller service widget - **Plugin URI**: http://callbackkiller.com/ - **Description**: Describes a widget for the CallbackKiller service for WordPress - **Author**: CallbackK…

Read more
CVSS 5.3
WooCommerce Checkout Manager File Upload Vulnerability Analysis
plugins.trac.wordpress.org · 2026-02-21

### Vulnerability Key Information 1. **Plugin Name and Version** - From the screenshot, this page corresponds to the `class-upload.php` file of the `woocommerce-checkout-manager` plugin, version `7.8.…

Read more
CVSS 7.2
WooCommerce Custom Product Addons Code Injection and Type Juggling Risks
plugins.trac.wordpress.org · 2026-02-21

- **Source**: `woo-custom-product-addons/trunk/includes/process/conditional-logic.php` - **Last Change**: 3458823, checked in by acowebcsd, 10 days ago - **Update to Version**: 3.1.1 - **File Size**: …

Read more
CVSS 5.3
WooCommerce Checkout Manager File Upload and Privilege Escalation Analysis
plugins.trac.wordpress.org · 2026-02-21

### Critical Vulnerability Information #### File and Version - **File Path**: woocommerce-checkout-manager/tags/7.8.1/lib/class-upload.php - **Latest Revision**: 3095974 - **Committer**: quadrLayers -…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.