Security Intel Hub 666 — Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 6.3
Bolo-Solo v2.6.4 Arbitrary File Write Leading to RCE via PicUpload
github.com · 2026-02-04

### Key Information Summary #### Vulnerability Overview - **Vulnerability Type**: Remote Code Execution (RCE) - **Affected Version**: Bolo-Solo v2.6.4_stable - **Root Cause**: The "/pic/upload" featur…

CVSS 8.2
OXID eShop SQL Injection and PHP Object Injection Leading to RCE
web.archive.org · 2026-02-04

### Critical Vulnerability Information #### Vulnerability Types - **SQL Injection in Product Details** - **PHP Object Injection** #### Vulnerability Description - **SQL Injection**: - In the `_getVend…

CVSS 8.8
CVE-2026-24512: ingress-nginx Config Injection Leading to RCE and Secret Disclosure
github.com · 2026-02-04

**Vulnerability Key Information** - **Vulnerability ID:** CVE-2026-24512 - **CVE ID:** CVE-2026-24512 - **CVSS Rating:** 3.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) - **Affected Component:** ingress-ngi…

CVSS 6.3
Bolo-Solo v2.6.4 Arbitrary File Write Leading to RCE via import/markdown
github.com · 2026-02-04

## Key Information Summary ### Vulnerability Overview - **Version**: Bolo-Solo v2.6.4 - **Vulnerability Type**: Arbitrary File Write Vulnerability (RCE) - **Cause**: In the `import/markdown` feature, …

Craft Commerce Stored XSS and Privilege Escalation via Tax Zones (CVE-2026-25489)
github.com · 2026-02-04

## Critical Vulnerability Information ### Vulnerability Overview - **Vulnerability Type**: Stored XSS - **Affected Module**: Tax Zones (Name and Description fields) - **Risk Level**: Medium - **CVE ID…

Craft Commerce Stored XSS in Order Status Widget (CVE-2026-25482)
github.com · 2026-02-04

## Critical Vulnerability Information ### Vulnerability Overview - **Type**: Stored DOM XSRF - **Location**: Order status names in the "Recent Orders" control panel widget - **Impact Scope**: When any…

Craft Commerce Stored XSS Vulnerability (CVE-2026-25488)
github.com · 2026-02-04

### Key Information - **Vulnerability Type**: Stored XSS (Cross-Site Scripting) - **Affected Scope**: - **Affected Versions**: - `>= 5.0.0-RC1, = 4.0.0-RC1, Store Management -> Tax Categories. - Creat…

Craft Commerce Stored XSS Leading to Privilege Escalation (CVE-2026-25522)
github.com · 2026-02-04

### Vulnerability Key Information **Title:** Stored XSS in Shipping Zone (Name & Description) Fields Leading to Potential Privilege Escalation **Severity:** Moderate **CVE ID:** CVE-2026-25522 **CWE:*…

CVSS 7.1
Type Confusion in iccDEV Library (CVE-2026-25503) Leading to DoS/RCE
github.com · 2026-02-04

## Key Information ### Vulnerability Title Type Confusion in CIccTagEmbeddedHeightImage::Validate() ### CVSS Score * **Severity**: High (7.1/10) * **CVSS v3 Base Metrics**: * Attack Vector: Network * …

Craft Commerce Stored XSS Leading to Privilege Escalation (CVE-2026-25490)
github.com · 2026-02-04

This webpage screenshot provides a detailed description of a stored XSS vulnerability discovered in Craft Commerce, which could lead to privilege escalation. Below are the key vulnerability details ex…

Craft Commerce Stored XSS and Privilege Escalation (CVE-2026-25485)
github.com · 2026-02-04

### Critical Vulnerability Information #### Vulnerability Overview - **Name**: Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potential Privilege Escalation - **CVE ID**: CVE…

CVSS 10.0
SignalK set-system-time npm Package RCE via Command Injection (CVE-2026-23515)
github.com · 2026-02-03

### Critical Vulnerability Information #### Vulnerability Overview - **Type**: RCE - Command Injection - **Affected Package**: @signalk/set-system-time (npm) - **Affected Versions**: =1.5.0 #### Sever…

CVSS 9.8
CVE-2025-66480: im-server Arbitrary File Upload and RCE via Directory Traversal
github.com · 2026-02-03

### Key Information - **Vulnerability Type**: Arbitrary File Upload via Directory Traversal in UploadFileAction - **Severity**: Critical - **CVE ID**: CVE-2025-66480 - **Affected Versions**: < 1.4.2 -…

CVSS 8.8
clawbot npm Token Exfiltration Leading to 1-Click RCE
github.com · 2026-02-02

## Vulnerability Key Information ### Vulnerability Name 1-Click RCE via Authentication Token Exfiltration From gatewayUrl ### Affected Package - **Package**: clawbot (npm) - **Affected versions**: <=v…

CVSS 6.4
BootCommerce v3.2.1 Persistent XSS Vulnerability Analysis
www.vulnerability-lab.com · 2026-02-01

### Critical Vulnerability Information #### **Vulnerability Overview** - **Vulnerability Discovery:** BootCommerce v3.2.1 - Multiple Persistent Vulnerabilities - **Vulnerability Type:** Cross-Site Scr…

CVSS 6.3
bolo-solo v2.6.4 SnakeYAML Deserialization RCE in import/markdown
github.com · 2026-01-31

### Vulnerability Key Information #### Vulnerability Description In the stable version bolo-solo v2.6.4, there is a deserialization vulnerability in the "import/markdown" path, caused by unsafe YAML l…

CVSS 7.3
itsourcecode School Management System V1.0 SQL Injection Vulnerability
github.com · 2026-01-31

# itsourcecode School Management System V1.0 SQL Injection Vulnerability ## Product Information - **Affected Product:** School Management System - **Vendor Homepage:** https://itsourcecode.com/free-pr…

CVSS 7.6
CVE-2026-25116: Unauthenticated Path Traversal Leading to RCE
github.com · 2026-01-30

## Critical Vulnerability Summary ### Vulnerability Overview - **Type**: Unauthenticated Path Traversal - **Affected Versions**: >= v4.5.0 - **Fixed Versions**: >= v4.7.2 - **CVE ID**: CVE-2026-…

CVSS 6.3
TOTOLINK A7000R Router Unauthenticated RCE via cstecgi.cgi
github.com · 2026-01-30

### Key Information #### Product Information - **Vendor**: TOTOLINK - **Affected Product**: A7000R - **Affected Firmware Version**: V4.1cu.4154 #### Vulnerability Overview - **Description**: A critica…

CVSS 6.3
TOTOLINK A7000R Router Unauthenticated RCE Vulnerability with POC
github.com · 2026-01-30

## Critical Vulnerability Information - **Vendor**: TOTOLINK - **Affected Product**: A7000R - **Affected Firmware Version**: V4.1cu.4154 - **Vulnerability Type**: Unauthorized Command Execution …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
