Security Intel Hub 666 — Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 6.1
Booster for WooCommerce Reflected XSS Vulnerability (<=7.2.3)
www.wordfence.com · 2024-11-24

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Name**: Booster for WooCommerce <= 7.2.3 - Reflected Cross-Site Scripting 2. **Vulnerabili…

Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI · Advisory · MervinPraison/PraisonAI · G
github.com · 2026-05-08

# CVE-2026-34935: Command Injection Vulnerability in MervinPraison/PraisonAI ## Vulnerability Overview This vulnerability exists in the `parse_mcp_command()` method of the `MervinPraison/PraisonAI` pr…

CVSS 6.1
WordPress Auto Post Scheduler CSRF Vulnerability Details (CVSS 9.8)
www.wordfence.com · 2026-04-02

### Vulnerability Summary: Auto Post Scheduler **1. Vulnerability Overview** * **Vulnerability Name:** Cross-Site Request Forgery (CSRF) in Auto Post Scheduler * **Affected Software:** Auto Post Sched…

GitLab CI YAML Parser DoS Vulnerability (CVE-2024-9384) Fix Analysis
github.com · 2026-04-03

### Vulnerability Summary **Overview** * **Vulnerability Type**: Denial of Service (DoS) / Infinite Recursion * **Affected Component**: GitLab CI/CD Configuration Parser (YAML Parser) * **Description*…

CVSS 8.1
AVideo CloneSite Path Traversal via deleteDump Parameter (CVE-2026-33293)
github.com · 2026-04-22

### Vulnerability Overview **CVE-2026-33293: Path Traversal Vulnerability in AVideo** - **Vulnerability Description**: The `deleteDump` parameter of AVideo's CloneSite does not apply path traversal fi…

CVSS 7.6
FreeScout Customer Merge Cross-Mailbox Authorization Bypass
github.com · 2026-04-08

# Vulnerability Summary: Customer Merge Cross-Mailbox Authorization Bypass ## Vulnerability Overview This vulnerability exists in the FreeScout software and is known as "Customer Merge Cross-Mailbox A…

CVSS 9.8
simple-git RCE via case-insensitive protocol.allow config bypass
github.com · 2026-04-18

### Vulnerability Overview **Vulnerability Name**: `blockUnsafeOperationsPlugin` bypass via case-insensitive `protocol.allow` config key enables RCE **Vulnerability Description**: - The `blockUnsafeOp…

Chamilo Social Post SVG Sanitization Fix
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves allowing only images and videos as attachments in social posts, and performing sanitization on SVG content. Specifically includes: 1. **Social Po…

CVSS 7.7
Kyverno ConfigMap Cross-Namespace Unauthorized Access Fix
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves an access control issue for `configmap` in the Kyverno project. Specifically, access to `configmap` is restricted to only allow policies within t…

Linux Kernel IPTables TCP Handling Remote DoS Vulnerability (GLSA)
www.gentoo.org · 2025-11-07

### Key Information - **Vulnerability Overview**: - **Title**: Linux Kernel: Remote DoS with IPTables TCP Handling - GLSA - **Release Date**: July 14, 2004 - **Latest Revision**: October 10, 2004: 02 …

CVSS 5.3
WooCommerce Customer Reviews Auth Bypass to Arbitrary Review Submission
www.wordfence.com · 2026-04-11

### Vulnerability Overview * **Title**: Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter * **Description**: The Cu…

CVSS 6.1
goldmark XSS vulnerability fix in HTML renderer
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Cross-Site Scripting (XSS) - **Vulnerability Description**: If URLs of links and images contain dangerous characters (e.g., …

CVSS 5.5
openclaw Local Media Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-28

# Vulnerability Summary ## Overview This vulnerability involves a security issue in the configuration and parsing logic of the local media root directory within the `openclaw` project. Specifically: -…

CVSS 9.4
phpvms/phpvms removes importer module and routes to mitigate security risks
github.com · 2026-05-10

### Vulnerability Overview The provided webpage screenshot displays the commit history of a GitHub repository involving code modifications to the `phpvms/phpvms` project. The commit removes several vi…

FFmpeg zmqsend Buffer Overflow Vulnerability Analysis
github.com · 2026-04-18

### Vulnerability Overview The webpage screenshot shows a C language source code file named `zmqsend.c`, which is part of the FFmpeg project. The code involves the use of the ZeroMQ library for sendin…

Linux Kernel reset-uniphier-glue null-ptr-deref fix
git.kernel.org · 2025-03-29

From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Vulnerability Type**: Potential null pointer dereference (null-ptr-deref). - **Affected File**:…

CVSS 4.3
itsourcecode Payroll Management System 1.0 /navbar.php XSS Vulnerability (CVE-2020-5319)
vuldb.com · 2026-04-02

# Key Vulnerability Information Summary **Vulnerability Overview** * **Vulnerability Name:** ITSOURCECODE Payroll Management System Up to 1.0 /navbar.php Page Cross Site Scripting * **CVE ID:** CVE-2020-5319 * **Vulnerability Type:** Cross-Site Scripting (XSS) * **CVSS Score:** 3.9 (Problemati…

CVSS 6.3
uutils mv TOCTOU Race Condition in Cross-Device File Move
github.com · 2026-04-23

# Vulnerability Summary: uutils mv TOCTOU Race #10015 ## Vulnerability Overview The `mv` command in uutils has a race condition (TOCTOU Race) between deleting and recreating the destination file when …

CVE-2025-71058 DNS Cache Poisoning Vulnerability and POC Analysis
github.com · 2026-04-22

# CVE-2025-71058 Vulnerability Summary ## Vulnerability Overview This vulnerability involves DNS cache poisoning attacks, exploiting forged DNS response packets to deceive the target resolver. The att…

Incus OVN Client SSL/TLS Misconfiguration and Certificate Verification Bypass Analysis
github.com · 2026-05-07

### Vulnerability Overview The provided webpage screenshot displays a code file named `ovn_icsgo_b.go` from the `incus` project. The code involves the initialization process of the OVN (Open Virtual N…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
