Security Intel Hub 666— Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

huntr - The world’s first bug bounty platform for AI/ML
huntr.com · 2026-05-06

# Vulnerability Summary: LangGenius/Dify Cross-User File Read Vulnerability ## Vulnerability Overview - **Vulnerability Type**: Cross-User File Read - **Severity**: High - **CVE ID**: CVE-2025-3595 - …

CVE-2023-0341: Stack Buffer Overflow in libeditorconfig ec_glob()
github.com · 2026-04-18

### Vulnerability Overview **CVE-2023-0341** is a stack buffer overflow vulnerability that occurs in the `ec_glob()` function. This vulnerability allows an attacker to crash any application using `lib…

WCFM WordPress Plugin Multiple Vulnerabilities Advisory (CVE-2024-3386 to 3392)
www.wordfence.com · 2026-04-05

### Vulnerability Summary: WCFM – Frontend Manager for WooCommerce Plugin Vulnerabilities **Vulnerability Overview** * **Vulnerability Name:** WCFM – Frontend Manager for WooCommerce Plugin Vulnerabil…

Premium intel
CVSS 9.9
openclaw heartbeat module owner-only auth inheritance fix
github.com · 2026-04-21

# Vulnerability Summary ## Overview This vulnerability affects the `heartbeat` module in the `openclaw` project, specifically the issue of **block owner-only auth inheritance for exec events**. This p…

SiYuan Bazaar README XSS via iframe srcdoc (CVE-2026-40922)
github.com · 2026-04-18

# Vulnerability Summary: CVE-2026-33066 ## Overview **Title**: Incomplete fix for CVE-2026-33066: XSS in github.com/siyuan-note/siyuan **CVE ID**: CVE-2026-40922 **Severity**: Moderate **CWE**: CWE-79…

Istio xDS Debug Handler Cross-Namespace Access Control Bypass Fix
github.com · 2026-04-07

### Vulnerability Overview A security vulnerability exists in Istio's xDS debug handler, where it fails to correctly pass or verify the caller's namespace. This can lead to cross-namespace access cont…

Premium intel
CVSS 8.3
OpenHarness Path Traversal and SSRF Vulnerability Fix Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview This commit fixes vulnerabilities related to Path Traversal and Web Guards in the OpenHarness project. The main issue lies in insufficient permission …

CVSS 5.3
Jenkins PRB Plugin Permission Handling Fix
github.com · 2025-04-01

From this webpage screenshot, the following key vulnerability-related information can be extracted: - **Commit ID**: 346f2d5 - **Commit Description**: "Adjust permission handling in the REST endpoints…

CVSS 4.6
openclaw skill installation dangerous code pattern bypass fix
github.com · 2026-04-29

### Vulnerability Overview This vulnerability involves a failure to correctly block installation during the skill installation process when dangerous code patterns are detected. Specifically: - When d…

Multiple Pre-Auth SQLi Vulnerabilities in Web-Dorado ECommerce-WD Joomla Plugin with PoCs
seclists.org · 2025-11-08

# Critical Vulnerability Information - **Vulnerability Type**: Multiple Unauthenticated SQL Injection - **Affected Component**: Web-Dorado ECommerce-WD Joomla Plugin (version 1.2.5) - **Impacted Funct…

Premium intel
CVSS 9.8
Grafana Unauthenticated RCE via GRAPHL_COMPUTE Buffer Bypass
github.com · 2026-04-02

**Unauthenticated RCE via GRAPHL_COMPUTE buffer-0 bypass in Grafana RPC backend** **Summary:** A critical unauthenticated remote code execution (RCE) vulnerability exists in Grafana's GRAPHL_COMPUTE p…

Premium intel
CVSS 8.7
WordPress wp-ecommerce Arbitrary File Upload Vulnerability Analysis
github.com · 2026-04-04

# Vulnerability Summary: Arbitrary File Upload in wp-ecommerce Plugin ## Vulnerability Overview This vulnerability exists in the WordPress plugin `wp-ecommerce`. Due to insufficient security validatio…

Nginx AdvancedSearch Stored XSS Vulnerability (CVE-2025-62662)
phabricator.wikimedia.org · 2025-10-18

### Key Information #### Vulnerability ID - CVE-2025-62662 #### Vulnerability Type - Stored XSS through system messages in AdvancedSearch #### Affected Versions - Version(s): 1.4.2.x (up to 1.4.2.0) -…

Unauthenticated RCE in Springboard API via Multiple Parameters
phabricator.wikimedia.org · 2025-10-21

From this webpage screenshot, the following key information about the vulnerability can be obtained: ### Vulnerability Overview - **Title**: Multiple critical security issues, including unauthenticate…

CVE-2021-21772: lib3mf Use-After-Free Vulnerability Analysis
talosintelligence.com · 2025-11-07

### Key Information #### Vulnerability Overview - **CVE ID**: CVE-2021-21772 - **Vulnerability Type**: Use-After-Free (CWE-416) - **Affected Software & Version**: 3MF Consortium lib3mf 2.0.0 #### Vuln…

Spring Security OAuth2 Account Confusion via Shared Mutable State in Singleton Instances
github.com · 2026-04-03

# Vulnerability Summary: OAuth Account Confusion via Shared Mutable State on Singleton Service Instances ### Vulnerability Overview This vulnerability exists in the `spring-security-oauth2` library. T…

Erlang OTP public_key OCSP Responder Certificate Signature Verification Bypass
github.com · 2026-04-07

### Vulnerability Summary **1. Vulnerability Overview** A validation flaw exists in the `public_key` module of Erlang OTP regarding the processing of OCSP (Online Certificate Status Protocol) response…

Incus OVN SB Client SSL/TLS Configuration and Certificate Verification Flaw Analysis
github.com · 2026-05-07

### Vulnerability Overview The provided webpage screenshot displays a code file named `ovn_sb.go` from the `incus` project. This file implements the Open vSwitch (OVS) Southbound (SB) client, includin…

kubePlus ResourceController S2RF and Header Injection Vulnerability Analysis
github.com · 2026-04-02

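# kubePlus ResourceController ChartURL S2RF + Header Injection Vulnerability Summary ## Vulnerability Overview This vulnerability exists in the **kubePlus ResourceController** component. By manipulating the `chartURL` parameter, an attacker can use server-side request forgery (S2RF) and HTTP header injection techniques against arbitrary internal or external services to…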

Premium intel
CVSS 5.4
openapi-generator CLI RCE via x-enum-varnames in OpenAPI spec
github.com · 2026-04-03

# Vulnerability Summary: Remote Code Execution (RCE) in openapi-generator ## 1. Vulnerability Overview * **Vulnerability Type**: Remote Code Execution (RCE). * **Affected Components**: `openapi-genera…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.