
Security Intel Hub 666— Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 6.4
Exponent CMS 2.6 Stored XSS and Authentication Brute Force Vulnerabilities with POC
www.exploit-db.com · 2026-05-10

# Exponent CMS 2.6 Multiple Vulnerabilities ## Vulnerability Overview This vulnerability involves multiple security issues in Exponent CMS version 2.6, including Stored Cross-Site Scripting (Stored XS…

Incus OVN Client SSL/TLS Certificate Verification Issue Analysis
github.com · 2026-05-07

### Vulnerability Overview The provided screenshot displays the code file `ovn_nb.go` from the `incus` project. The file involves interactions with the OVN (Open Virtual Network) client, specifically …

fix(config): redact sourceConfig and runtimeConfig alias fields in re… · openclaw/openclaw@86734ef · GitHub
github.com · 2026-05-05

### Vulnerability Overview This vulnerability involves the `sourceConfig` and `runtimeConfig` alias fields in the `redactConfigSnapshot` function not being properly redacted. This may lead to the leak…

Langflow CVE-2025-34291: Account Takeover and RCE via CORS Misconfiguration
www.obsidiansecurity.com · 2025-12-06

### CVE-2025-34291: Critical Account Takeover and RCE Vulnerability in the Langflow AI Agent & Workflow Platform #### Executive Summary - **Vulnerability Chain in Langflow**: A critical vulnerability …

Analysis of Potential Vulnerabilities in WebAssembly Store Memory Management and Async Execution
docs.rs · 2026-02-25

### Critical Vulnerability Information #### 1. **Store Management** - **Store Lifetime Issues**: The `Store` struct is intended as a short-lived object, but it holds references to long-lived objects l…

Flowinsight CVE-2025-32311 Command Injection Leading to Docker Container Escape
github.com · 2026-04-21

# Summary of Command Injection and Docker Container Escape Vulnerabilities ## Vulnerability Overview **Title**: Command Injection and Docker container escape allows root on host machine **Published by…

fix(security): broaden shell-wrapper detection and block env-argv ass… · openclaw/openclaw@8f8492d · GitHub
github.com · 2026-05-05

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Security Vulnerability - **Description**: This vulnerability involves extending shell wrapper detection to prevent environme…

CVSS 7.5
Juniper SRX NAT64 ICMPv6 DoS Vulnerability (CVE-2026-33790)
kb.juniper.net · 2026-04-10

# Juniper Networks Security Advisory Summary (CVE-2026-33790) ## Vulnerability Overview * **CVE ID:** CVE-2026-33790 * **Vulnerability Name:** Junos OS: SRX Series: In a NAT64 configuration, receipt o…

CVSS 7.3
Unauthenticated SSRF in GPT Researcher WebSocket (CVSS 9.1) with POC
github.com · 2026-04-06

### Vulnerability Overview * **Vulnerability Name**: Unauthenticated WebSocket Source URL SSRF Vulnerability (Unauthenticated SSRF via WebSocket source_urls) * **Affected Product**: GPT Researcher * *…

flatpak-builder CVE-2026-39977 Path Traversal Arbitrary File Read Vulnerability with PoC
github.com · 2026-04-10

### Vulnerability Overview * **CVE ID**: CVE-2026-39977 * **Title**: Path traversal leading to arbitrary file read on host when installing licence files * **Severity**: High * **Description**: flatpak…

NJS njs_array_prototype_sort SEGV Vulnerability with PoC
github.com · 2025-11-11

# Key Information ## Vulnerability Title SEGV in njs_array_prototype_sort ## Vulnerability Status Closed ## Vulnerability Description A segmentation fault (SEGV) exists in the array sorting function `…

Filebrowser <=2.62.2 /api/resources Permission Bypass via Missing Download Check
github.com · 2026-04-08

### Vulnerability Key Information Summary **Vulnerability Overview** In the `resourceSetHandler` function within the `http/resource.go` file, the permission flag `Perm.Download` is not checked when re…

Chamilo LMS Stored XSS via SVG Upload and Fix Code
github.com · 2026-04-18

# Vulnerability Summary ## Overview Chamilo LMS has an SVG file handling vulnerability. An attacker can upload an SVG file containing malicious scripts; due to the system’s lack of proper sanitization…

Online Job Portal PHP/PDO v1.0 SQL Injection Vulnerability and POC
thecyberpost.com · 2026-04-28

# SQL Injection Vulnerability in Online Job Portal PHP/PDO 1.0 ## Vulnerability Overview The Online Job Portal PHP/PDO version 1.0 contains a remote SQL injection vulnerability. The `CATEGORY` paramet…

CVSS 7.2
Path Traversal in emu2nZip Plugin Leading to RCE
github.com · 2026-04-04

### Vulnerability Summary A path traversal vulnerability exists in the `emu2nZip()` function (located at `src/class/emu2n.php`, line 783). The function fails to validate ZIP entry names when extractin…

CVE-2024-40353: Stored XSS in wger via Unescaped License Attribution
github.com · 2026-04-18

# Stored XSS Vulnerability: Unescaped License Attribution Fields ## Vulnerability Overview **Title**: Stored XSS via Unescaped License Attribution Fields **Severity**: High (CVSS 3.1: 7.6) **CVE ID**:…

Apache Archiva Multiple XSS Vulnerability (CVE-2011-1077)
securityreason.com · 2025-11-08

- **CVE-ID**: CVE-2011-1077 - **Risk Level**: Low - **Published Date**: 2011-06-04 - **Affected Software**: Apache Archiva - **Affected Versions**: 1.3.0 - 1.3.4 (Unsupported versions 1.0 - 1.2.2 are …

Bundler CVE-2016-7954 Arbitrary Code Injection via Gemfile Sources
collectiveidea.com · 2025-11-20

### Key Information #### Vulnerability Overview - **CVE ID**: CVE-2016-7954 - **Affected Scope**: All stable versions of Bundler - **Vulnerability Description**: Attackers can inject arbitrary code th…

CVSS 8.1
scitokens Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-02

## Vulnerability Overview **Path Traversal Vulnerability**: The scitokens library fails to properly validate and normalize paths in token scopes. Attackers can construct malicious tokens containing `.…

CVSS 8.1
GitPython <=3.1.44 Input Validation Bypass via shlex.split
github.com · 2026-05-08

# GitPython Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Unsafe option check validates multi_options before shlex.split transforms it - **Vulnerability Description**: In t…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.