
Security Intel Hub 666 — Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 7.1
Chamilo Course Catalog Access Control Fix (Role-based Security)
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Type**: Security Vulnerability - **Description**: This vulnerability involves adding `CourseRelUserStateProcessor` and improving course catalog filtering l…

CVSS 7.7
Rate Limiter JWT Unverified Bypass Vulnerability Analysis
github.com · 2026-04-29

### Vulnerability Overview This vulnerability involves the use of unverified JWT (JSON Web Token) in rate limiting. Specifically, the rate limiting middleware uses an unverified JWT to identify users,…

PJPROJECT ssl_sock_gtls.c Certificate Verification Logic Fix
github.com · 2026-05-08

### Vulnerability Overview This vulnerability involves the certificate verification logic in the `ssl_sock_gtls.c` file. Specifically, in certain scenarios, the certificate verification status is inco…

CVSS 8.8
Buffer Overflow in UTT HiPER 810G /goform/formFireWall causing DoS
github.com · 2026-02-07

- **Vulnerability Title**: - Buffer Overflow Vulnerability in UTT HiPER 810G Router /goform/formFireWall (Denial of Service) - **Information**: - Vendor: UTT (AiTai) - Vendor Website: [https://utt.com…

CVSS 7.3
SSRF Vulnerability in api-lab-mcp (CVE-918) with POC
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) * **CVE ID**: CVE-918 * **Description**: An SSRF vulnerability was discovered in the MCP tools (`anal…

CVSS 9.6
ArgoCD ServerSideDiff Secret Extraction Vulnerability (CVSS 9.6)
github.com · 2026-05-02

# Kubernetes Secret Extraction via ArgoCD ServerSideDiff ## Vulnerability Overview The `ServerSideDiff` endpoint in ArgoCD suffers from missing authorization and data masking vulnerabilities. Attacker…

CVSS 6.5
ACP Attachment Path Traversal Fix and Test Cases
github.com · 2026-04-28

# Vulnerability Summary ## Overview This vulnerability involves enforcing restrictions on the ACP (Attachment Control Policy) attachment root directory. Specific manifestations include: - **Enforced r…

CVSS 8.1
CVE-2020-32716: scitokens Authorization Bypass via Scope Path Prefix Checking
github.com · 2026-04-02

## Vulnerability Overview **Title**: Authorization Bypass via Incorrect Scope Path Prefix Checking **CVE ID**: CVE-2020-32716 **Severity**: High (8.1/10) **Root Cause**: The `Enforcer` class used simp…

CVSS 3.3
Hardcoded Firebase API Key in app.inventory.toyfactory v1.5.5 Leading to Unauthorized Data Access
www.notion.so · 2026-04-04

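# Vulnerability Summary ## Vulnerability Overview The Android app **app.inventory.toyfactory** (version 1.5.5) contains a hardcoded Google Firebase API key. The key is located in a client-accessible resource file; an attacker can extract it, use Firebase Identity Toolkit to authenticate anonymously, and use the resulting ID token to access the associated Firebase Realtime …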

CVSS 7.5
PrismaAI A2U Unauthenticated Information Disclosure (CVE-2026-34952)
github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** The A2U (Agent-to-User) event stream server in PrismaAI contains an unauthenticated vulnerability (CVE-2026-34952). This vulnerability allows attac…

CVSS 9.8
WordPress File Upload Plugin CVE-2024-11613 RCE via MIME Bypass
abrahack.com · 2026-04-09

### Vulnerability Overview This document discusses a new Remote Code Execution (RCE) vulnerability (CVE-2024-11613) introduced by the WordPress File Upload plugin after patching CVE-2024-9939 and CVE-…

GeoNode Remote Document Upload Thumbnail Generation Vulnerability Fix
github.com · 2026-04-18

# GeoNode Remote Document Upload Thumbnail Generation Vulnerability ## Vulnerability Overview When uploading remote documents, GeoNode attempts to process thumbnail files generated from remote URLs lo…

source-map-support Directory Traversal via Custom File Reader (CVE-2024-21540)
gist.github.com · 2024-11-17

From this webpage screenshot, we can extract the following key information about the vulnerability: 1. **Vulnerability Description**: - **Title**: Package source-map-support: Possible to inject custom…

CVSS 9.6
Salesforce REST Connect SSRF via Empty Default Endpoint
github.com · 2026-04-04

Based on the provided webpage screenshot, here is a summary of the vulnerability: **Vulnerability Overview** * **Vulnerability Name**: Server-Side Request Forgery (SSRF) via REST Connect with Empty De…

CVSS 8.8
Evolution CMS 3.1.6 Authenticated RCE Vulnerability and POC
www.exploit-db.com · 2026-05-10

# Evolution CMS 3.1.6 Remote Code Execution (RCE) Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Evolution CMS 3.1.6 - Remote Code Execution (RCE) (Authenticated) * **EDB-ID…

CVSS 8.1
OpenClaw Browser Proxy allowProfiles Config Logic Fix
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves the `allowProfiles` configuration of the browser proxy in the OpenClaw project. When `allowProfiles` is set to an empty value, the browser proxy …

CVSS 7.3
api-lab-mcp SSRF Vulnerability Analysis with PoC and Fix
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF, CWE-918). * **Description**: The `api-lab-mcp` project contains an SSRF vulnerability within the MCP/HTTP tool h…

VMware VMCI use-after-free vulnerability fix in vmci_resource_remove
git.kernel.org · 2024-09-19

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Title**: VMCI: Fix use-after-free when removing resource in v…

CVSS 3.3
wasm3 MarkSlotAllocated NULL Pointer Dereference Crash Analysis
github.com · 2025-07-06

### Key Information #### Vulnerability Description - **Type**: SEGFAULT (SEGV) - **Location**: source/m3_compile.c:332:25 in MarkSlotAllocated - **Version**: Latest commit 79d412e - **Environment**: U…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
