Security Intel Hub 666 — Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 4.6
Canvas AZUI Operation Scheduling URL Trust Bypass Fix
github.com · 2026-04-29

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: #58471 - **Vulnerability Type**: Security Vulnerability - **Vulnerability Description**: Restricts Canvas AZUI operation sched…

CVSS 8.8
hashgraph/guardian Sandbox Escape Fix: vm.createContext Hardening
github.com · 2026-05-02

### Vulnerability Overview This vulnerability affects the `policy-service/src/policy-engine/helpers/workers/custom-logic-worker.ts` file in the `hashgraph/guardian` project. The root cause is that the…

Paket Compiler manifest package name validation bypass
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves improper handling of invalid package names when parsing `manifest` files. Specifically, when an invalid package name is present in the `manifest`…

Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 · Advisory · python-poetry/poetry · GitH
github.com · 2026-04-25

### Vulnerability Overview - **Vulnerability Name**: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 - **CVE ID**: CVE-2024-1140 - **CWE ID**: CWE-22 - **Description**:…

Vim path option backtick command execution vulnerability fix
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: The `path` option in `vim/vim` may lead to command execution. - **Problem Description**: When backticks are included in the `path` option, shell co…

CVSS 6.3
ProjectsAndPrograms School Management System Authenticated File Upload leading to RCE
vuldb.com · 2026-04-04

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability Name:** ProjectsAndPrograms school-management-system 1 File Upload / RCE * **Description:** An authenticated file upload vulnerabi…

LibreNMS 2024R2.1 Security Advisory: AD/LDAP Cert Removal, Broken Access Control, Session Replay Fix
www.nagios.com · 2025-04-09

### Critical Vulnerability Information #### 2024R2.1 - 03/26/2025 - **Fixed**: - Fixed a security vulnerability while removing an AD/LDAP certificate (Thanks to Haiyu Li, Shifei Zhao, mro22, rjy, King…

PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection · Advisory · MervinPraison/PraisonAI · GitH
github.com · 2026-05-08

# PraisonAI MCP `tools/call` Path Traversal Leading to RCE Vulnerability Summary ## Vulnerability Overview The PraisonAI MCP server registers four file processing tools by default (`praisonai.rules.cr…

Chrome Safe Browsing Bypass via Data URI (CVE-2023-1814)
crbug.com · 2025-11-20

### Key Information - **Title**: Security: Safe Browsing bypass via data URI, no warning if SB fails - **Type**: Vulnerability - **Priority**: P1 - **Severity**: S2 - **Status**: Fixed - **CVE**: 2023…

CVSS 8.1
CVE-2025-23227: sctokens Path Traversal Authorization Bypass
github.com · 2026-04-02

# Vulnerability Summary: Path Traversal in sctokens Leading to Authorization Bypass ## Vulnerability Overview **CVE ID**: CVE-2025-23227 **Severity**: High (8.1/10) **Affected Versions**: "/home" # ur…

KVM x86: vCPU INIT warning in SMM mode due to SHUTDOWN interrupt
git.kernel.org · 2025-05-21

### Critical Vulnerability Information - **Vulnerability Description**: - In KVM, when a virtual CPU (vCPU) encounters a SHUTDOWN interrupt while in System Management Mode (SMM), KVM forces a vCPU INI…

CVSS 7.5
API Platform GraphQL Relay Unauthorized Resource Access Fix
github.com · 2025-04-09

## Critical Vulnerability Information ### Vulnerability Description - **Type**: Unauthorized Resource Access - **Cause**: Unauthorized resources were accessed when using Relay. ### Related Files and C…

CVSS 7.6
Stored XSS in fabric.js SVG Export via id/src Injection (CVE-2026-27013)
github.com · 2026-02-21

From the screenshot, we can extract the following key points about the vulnerability: - **Vulnerability**: Stored XSS via SVG Export (GHSA-hfvx-25r5-qc3w) - **Severity**: High (CVSS v3 base metrics: 7…

OSGi v3.8-3.18 Console - RCE - Multiple webapps Exploit
www.exploit-db.com · 2026-05-05

# OSGi v3.8-3.18 Console RCE Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: OSGi v3.8-3.18 Console RCE - **EDB-ID**: 51878 - **Publication Date**: 2024-03-12 - **Vulnerabili…

FileController File Upload Bypass Leading to RCE
github.com · 2026-04-03

# Vulnerability Summary: Remote Code Execution via File Upload Bypass in FileController ## Vulnerability Overview * **Vulnerability Name**: Remote Code Execution via File Upload Bypass in FileControll…

CVSS 8.8
Path Traversal Vulnerability in Local Media Upload Function
github.com · 2026-05-10

### Vulnerability Overview - **Vulnerability Type**: Path Traversal - **Description**: A path traversal vulnerability exists during local media file uploads and streaming uploads, potentially allowing…

RCE in WordPress Plugin Spam Project for Contact Form 7 < 1.2.10 (CVE-2026-1640)
wpscan.com · 2026-04-02

# Vulnerability Summary: Spam Project for Contact Form 7 Remote Code Execution (RCE) ### Overview * **Vulnerability Name**: Spam Project for Contact Form 7 alert("XSS")'; // 4. Define the SQL query $s…

CVSS 6.5
Mayuri K. Gaatrickar Courier Management System 1.0 Broken Access Control in delete_user
vuldb.com · 2026-04-02

### Vulnerability Overview * **Vulnerability Title**: Mayuri K. Gaatrickar Courier Management System 1.0 Broken Access Control * **Severity**: High (High Risk) * **Description**: This vulnerability ex…

Stored XSS in Sourcecodester Cab Management System 1.0 (CVE-2024-51031)
github.com · 2024-11-11

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability ID**: CVE-2024-51031 2. **Description**: A Cross-Site Scripting (XSS) vulnerability exists…

SiYuan Bazaar Unfiltered README Rendering Leads to XSS to RCE
github.com · 2026-04-18

# Vulnerability Summary: Unfiltered Bazaar README Rendering in SiYuan Leads to XSS to RCE ## Vulnerability Overview SiYuan Bazaar (community marketplace) does not perform HTML filtering when rendering…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.