Security Intel Hub 666 — Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 6.3
YiXiang FileUtil File Upload Vulnerability Analysis (XSS/RCE)
github.com · 2026-02-08

### Critical Vulnerability Information #### 1. Vulnerability Type **File Upload Vulnerability** #### 2. Vulnerability Origin - **Code Location**: `co.yixiang.utils.FileUtil#upload` method - **Risk Poi…

CVSS 6.3
Java File Upload Vulnerability Analysis: Lack of Type Validation Leads to XSS/RCE
github.com · 2026-02-08

### Key Information #### Vulnerability Type - File Upload Vulnerability #### Impact - Users can upload malicious files (such as HTML and JSP), potentially leading to XSS or RCE vulnerabilities. #### V…

CVSS 7.3
ITSOURCECODE Society Management System 1.0 SQL Injection in delete_expenses.php (CVE-2026-2115)
vuldb.com · 2026-02-08

### Critical Vulnerability Information - **Vulnerability Name**: ITSOURCECODE Society Management System 1.0 delete_expenses.php expenses_id SQL Injection - **CVE ID**: CVE-2026-2115 - **CVSS Meta Temp…

CVSS 6.4
Premmerce WizardHandler.php Input Validation Missing Leading to XSS/Data Tampering
plugins.trac.wordpress.org · 2026-02-08

### Critical Vulnerability Information - **Source Code Context**: - The `WizardHandler.php` file from the `premmerce/tags/1.3.20/src/Admin/Handlers` directory is being analyzed. - **File Metadata**: -…

CVSS 3.5
OpenProject Stored HTML Injection and Repository Changes RCE via Git Argument Injection
github.com · 2026-02-07

### Critical Vulnerability Information #### Security Fixes - **GHSA-q523-c695-h3hp - Stored HTML Injection in Time Tracking** - OpenProject version 17.0.2 contains an HTML injection vulnerability in i…

Spree Commerce GHSA-3310 Address Handling Vulnerability Fix
github.com · 2026-02-07

- **Commits** - Commit `ff7cfcf` was made to address a vulnerability GHSA-3310 related to address data handling in the Spree Commerce platform. - Fix included additional application or third-party app…

Spree Commerce IDOR Vulnerability (CVE-2026-25758) Analysis
github.com · 2026-02-07

### Critical Vulnerability Information #### Vulnerability Summary - **Type**: IDOR (Insecure Direct Object References) - **Severity**: High - **CVE ID**: CVE-2026-25758 - **CWEs**: CWE-284 (Improper A…

Premium intel
CVSS 8.6
Calibre CVE-2026-25635 Path Traversal Leading to RCE via Malicious CHM
github.com · 2026-02-07

### Key Information Summary #### Vulnerability Overview - **Vulnerability Type**: Path traversal leading to arbitrary file write and potential code execution - **Severity**: High (8.6/10) - **CVE ID**…

Premium intel
CVSS 10.0
CVE-2026-25520: @nyariv/sandboxjs Sandbox Escape RCE PoC
github.com · 2026-02-07

### Critical Vulnerability Information #### Vulnerability Overview - **Type**: Sandbox Escape - **Severity**: - Dynamic: Critical - CVSSv3 Base Metrics: * Attack Vector: Network * Attack Complexity: L…

Premium intel
CVSS 10.0
CVE-2026-25587: Sandbox Escape RCE in @nyariv/sandboxjs via Map.prototype
github.com · 2026-02-07

### Key Information Summary #### Vulnerability Overview - **Vulnerability ID**: GHSA-66h4-qj4x-38xp - **CVE Number**: CVE-2026-25587 - **Publisher**: nyariv - **Release Date**: Yesterday - **Severity*…

CVSS 4.7
D-Link DIR-823X RCE via /goform/set_ac_server Input Validation Bypass
github.com · 2026-02-07

## Vulnerability Key Information ### Vulnerability Type - Remote Code Execution (RCE) ### Affected Versions - D-Link DIR-823X (250416) ### Vulnerability Description - **Location**: The `/goform/set_ac…

Gitea CVE-2025-64111 Critical RCE via .git Directory Update Bypass
github.com · 2026-02-07

## Key Information ### Vulnerability Description - **Summary**: Due to insufficient remediation of GHSA-wj44-9vcq-wjq7, it is still possible to update files within the `.git` directory via API, leadin…

CVSS 8.8
ingress-nginx CVE-2025-15566: Config Injection Leading to RCE and Secret Leakage
github.com · 2026-02-06

## Key Information ### Vulnerability Overview - **CVE ID**: CVE-2025-15566 - **Description**: In ingress-nginx, attackers can exploit the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` annotatio…

Monstra CMS 3.0.4 Arbitrary File Upload Bypass Leading to RCE (CVE-2025-69906)
github.com · 2026-02-06

### Key Information Summary #### Vulnerability Overview - **CVE ID**: CVE-2025-69906 - **Product**: Monstra CMS 3.0.4 - **Vulnerability Type**: Arbitrary File Upload Leading to Remote Code Execution (…

Premium intel
CVSS 9.1
SiYuan Arbitrary File Write to RCE via /api/file/copyFile (CVE-2026-25539)
github.com · 2026-02-05

- **Vulnerability Description**: `Arbitrary File Write via /api/file/copyFile leading to RCE` - **Vulnerability Type**: `Improper Limitation of a Pathname to a Restricted Directory (CWE-22)` - **Affec…

Premium intel
CVSS 9.8
HubSpot Jinjava Sandbox Bypass RCE (CVE-2026-25526)
github.com · 2026-02-05

## Key Information ### Vulnerability Overview - **CVE ID**: CVE-2026-25526 - **Severity**: Critical - **Vulnerability Type**: Sandbox Bypass / Remote Code Execution - **Affected Package**: `com.hubspo…

langroid TableChatAgent WAF Bypass RCE via pandas_eval (CVE-2026-25481)
github.com · 2026-02-05

- **Package**: langroid (pip) - **Affected Versions**: <= 0.59.31 - **Patched Versions**: 0.59.32 - **Vulnerability**: WAF Bypass Leading to RCE in TableChatAgent - **CVE ID**: CVE-2026-25481 - **Seve…

CVSS 10.0
VSF-FORTITUDE6/DS-1555 Security Update: Fixes Multiple Authenticated RCE Vulnerabilities (CVE-2025-64090/64091/59817/598
wiki.zenitel.com · 2026-02-04

Below are the key details regarding the Vulnerability: - **Security Updates** - **VSF-FORTITUDE6 9.3.3.1** - MTN-4866: Resolved CVE-2025-64090, Authenticated RCE on Hostname configuration. - MTN-4865:…

CVSS 10.0
VSF-Fortitude8 Security Bulletin: Multiple CVEs including Authenticated RCE
wiki.zenitel.com · 2026-02-04

### Critical Vulnerability Information #### VSF-Fortitude8 (vsff8mp) 9.3.3.1 **Security Updates:** - **MTN-4866 Security Update:** - **CVE:** CVE-2025-64090 - **Description:** Authenticated Remote Cod…

CVSS 8.2
OXID eShop SQL Injection to RCE Exploitation Analysis
web.archive.org · 2026-02-04

## Key Information ### Vulnerability Overview - **Vulnerability Type**: SQL Injection (SQLi) to Remote Code Execution (RCE) - **Affected Versions**: OXID eShop 6.x <= 6.3.4 - **Disclosure Date**: June…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
