Security Intel Hub 666— Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Ruby Dragonfly Argument Injection Leading to RCE
zxsecurity.co.nz · 2025-11-19

### Key Information Summary #### Vulnerability Name - Ruby Dragonfly – Argument Injection Vulnerability #### Vulnerability Description - An argument injection vulnerability exists in certain configura…

WavePlayer < 3.8.0 Unauthenticated Arbitrary File Upload RCE (CVE-2025-12057)
wpscan.com · 2025-11-19

## Key Information ### Description - **Vulnerability Name**: WavePlayer < 3.8.0 - Unauthenticated Arbitrary File Upload - **Description**: The plugin lacks authentication checks in AJAX operations and…

ZMQ Pickle Deserialization RCE in Meta/NVIDIA/vLLM (CVE-2024-50050, CVE-2025-30165)
www.oligo.security · 2025-11-19

From this web page screenshot, the following key information about the vulnerability can be extracted: 1. **Vulnerability Overview** - ShadowMQ: A critical vulnerability spreading through code reuse. …

CVE-2025-63604: Code Injection in AWS Resources MCP Server
github.com · 2025-11-19

## CVE-2025-63604: Code Injection ### Summary The AWS Resources MCP Server contains critical security vulnerabilities that allow arbitrary code execution through insufficient input validation in…

Sound4 IMPACT Firmware Update RCE (CVE-2025-63215) Exploitation Guide
github.com · 2025-11-19

## Critical Vulnerability Information ### Vulnerability Description - **CVE ID**: CVE-2025-63215 - **Product**: - **Vendor**: Sound4 - **Model**: IMPACT - **Firmware/Software Version**: 2.33 - **Vulne…

CVSS 8.8
Zyxel Security Advisory: Command Injection, RCE, and Privilege Management Vulnerabilities (CVE-2025-6599, CVE-2025-8693,
www.zyxel.com · 2025-11-18

- Vulnerability Key Information: - **CVE ID** | **Title** | **Last Updated** - CVE-2025-6599, CVE-2025-8693 | Zyxel security advisory for uncontrolled resource consumption and command injection vulner…

CVSS 3.5
XSS Vulnerability in SourceCodester Student Grades Management System 1.0 (CVE-2025-13349)
vuldb.com · 2025-11-19

### Critical Vulnerability Information - **Vulnerability Type**: Cross Site Scripting (XSS) - **CVE ID**: CVE-2025-13349 (incorrect year format) - **Affected System**: SourceCodester Student Grades Ma…

CVSS 8.8
Potential SQLi/XSS in WooCommerce plugin wccategorytab.php due to limited input validation
plugins.trac.wordpress.org · 2025-11-18

- **Vulnerability Type**: Potential Security Risk - The code includes AJAX request handling with limited input validation. - **File**: `wccategorytab.php` - The file is a part of a plugin or the…

CVSS 6.3
SourceCodester Train Station Ticketing System V1.0 SQL Injection in yajax.php
vuldb.com · 2025-11-19

### Key Information - **Title:** SourceCodester Train Station Ticketing System V1.0 SQL Injection - **Description:** - A SQL injection vulnerability exists in the "yajax.php?action=save_user" file. - …

CVSS 6.3
SQL Injection in ITSourceCode Student Information System 1.0 (CVE-2025-13325)
vuldb.com · 2025-11-18

### Key Information - **CVE**: CVE-2025-13325 - **CVSS ID**: VDB-332669 - **GCVE**: GCVE-100-332669 - **Product**: ITSourceCode Student Information System 1.0 - **Vulnerability Type**: SQL Injection -…

CVSS 4.7
Tourist Management System PHP Unrestricted File Upload Leading to RCE
github.com · 2024-10-12

From this webpage screenshot, we can obtain the following key information about the vulnerability: 1. **Affected Product**: - Tourist Management System In PHP With Source Code 2. **Affected Version**:…

CVSS 3.1
Roundcube DMP Injection and CRLF Bypass Vulnerability Fix Analysis
github.com · 2026-04-03

### Vulnerability Key Information Summary **Vulnerability Overview** * **Vulnerability Type**: DMP (Dovecot Manage Protocol) Injection, CRLF Bypass, Unauthorized Access, Password Modification Bypass. …

fix: keep local marketplace paths stable (#60556) (thanks @eleqtrizit) · openclaw/openclaw@94b0062 · GitHub
github.com · 2026-05-05

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Fix local marketplace path stability issues - **Vulnerability Description**: This vulnerability involves instability in the …

Android Bluetooth Binder Permission Bypass via Null AttributionSource
android.googlesource.com · 2024-11-17

From this webpage screenshot, we can extract the following key information about the vulnerability: 1. **Vulnerability Description**: - The researcher reported that some Bluetooth (BT) calls crossing …

BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
raw.githubusercontent.com · 2026-05-08

# Summary of Unauthenticated Remote Code Execution Vulnerability in BYOB ## Vulnerability Overview The BYOB (Build Your Own Botnet) Web GUI contains two unauthenticated vulnerabilities: 1. **CVE-2024-…

CVSS 4.3
FreeScout Information Disclosure: Non-folder Queries Bypass Assigned-Only Restrictions
github.com · 2026-04-22

# Vulnerability Summary: Non-folder conversation queries disclose assigned-only hidden conversations ## Vulnerability Overview This vulnerability exists in the `freescout` software. Due to the global …

SignalX Server Unauthenticated Source Priorities Manipulation
github.com · 2026-04-03

### Summary SignalX Server has an unauthenticated HTTP endpoint that allows remote attackers to modify navigation source priority data. The endpoint is accessible without authentication and performs n…

Premium intel
CVSS 6.3
pi-mono Slack Bot Unauthenticated RCE via LLM Prompt Injection and Bash Tool
github.com · 2026-04-05

## Vulnerability Overview **CVE Report: Unauthenticated Remote Code Execution via Slack Message in pi-mono mom Bot** | Field | Value | |:---|:---| | Product | pi-mono (Pi Coding Agent Monorepo) | | Ve…

Stashed Desktop App RCE via Path Traversal and Arbitrary File Write (CVE-2019-10842)
www.rcesecurity.com · 2026-04-04

# Stashed Desktop App RCE Vulnerability Summary (CVE-2019-10842) ### Vulnerability Overview Stashed Desktop App contains a critical remote code execution (RCE) vulnerability. The flaw arises from impr…

CVSS 6.1
uBidAuction v2.0.1 Non-Persistent XSS Vulnerability with PoC
www.exploit-db.com · 2026-05-10

# uBidAuction v2.0.1 Cross-Site Scripting (XSS) Vulnerability Summary ## Vulnerability Overview * **Vulnerability Type**: Non-Persistent Cross-Site Scripting (Non-Persistent XSS) * **Affected Software…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
