Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 666— Search: RCE×

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Clear
Examples: RCE · SSRF · GHSA · log4j
Filter
CVSS 4.7
SQL Injection in Sourcecodester Online Student Clearance System V1.0
github.com · 2025-11-24

### Name - **Vulnerability Name**: Sourcecodester Online Student Clearance System Project V1.0 /Admin/changepassword.php SQL injection ### Affected Product - **Product Name**: Online Student Clearance…

Read more
Premium intel
CVSS 8.3
XWiki Confluence Bridges RCE via Velocity Execution (CVE-2025-65036)
github.com · 2025-12-06

### Vulnerability Key Information #### Title - **Remote code execution using the confluence details summary macro** #### Reference - **GHSA-472x-fwh9-r82f** #### Severity - **Severity: High 8.3 / 10**…

Read more
Hugging Face Transformers SEW-D convert_config RCE Vulnerability (CVE-2025-14927)
www.zerodayinitiative.com · 2025-12-29

# Vulnerability Key Information - **Title**: (0Day) Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability - **Vulnerability ID**: - ZDI-25-1148 - ZDI-CAN-28…

Read more
Hugging Face Transformers CVE-2025-14930 Deserialization RCE Advisory
www.zerodayinitiative.com · 2025-12-29

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: (0Day) Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability - **ID**: - …

Read more
Tencent NeuralNLP-NeuralClassifier Untrusted Data Deserialization RCE (CVE-2025-13708)
www.zerodayinitiative.com · 2025-12-29

Key vulnerability information extracted from the web screenshot: - **Vulnerability Title**: - Tencent NeuralNLP-NeuralClassifier _load_ checkpoint Deserialization of Untrusted Data Remote Code Executi…

Read more
CVSS 6.3
ZSPACE Z4Pro+ NAS Command Injection Vulnerability (RCE)
vuldb.com · 2026-01-03

- **Title**: ZSPACE Z4Pro+ v1.0.0440024 Command Injection - **Description**: A binary vulnerability exists in the ZSPACE Z4pro+ NAS device (Firmware v1.0.0440024), leading to Remote Command Execution …

Read more
InvoicePlane Multiple High-Severity Vulnerabilities: Unauth File Read, SQLi, and RCE via PHP Upload (CVE-2025-67082/6708
www.helx.io · 2026-01-20

### Critical Vulnerability Information - **CVEs**: - CVE-2025-67082 - CVE-2025-67083 - CVE-2025-67084 - **Product**: InvoicePlane - **Severity**: High - **Affected Version(s)**: ≤ 1.6.3 - **Fixed Vers…

Read more
Premium intel
CVSS 10.0
Tencent WeKnora CVE-2026-22688 Command Injection Leading to RCE
github.com · 2026-01-20

### Key Information Summary #### Vulnerability Overview - **Vulnerability Type**: Command Injection (CWE-78) - **Affected Scope**: Tencent/WeKnora project's `internal/mcp/client.go` file, versions < 0…

Read more
Explorance Blue Authenticated Unrestricted File Upload RCE (CVE-2025-57794)
github.com · 2026-01-29

Below is the list of key information about vulnerability `MNDT-2026-0003` obtained through analysis of the webpage content: - **Vulnerability Description**: In versions of `Explorance Blue` prior to `…

Read more
CVSS 4.3
CSRF Vulnerability in SourceCodester Medical Certificate Generator App (CVE-2026-1745)
github.com · 2026-02-02

## Critical Vulnerability Information ### Vulnerability Overview - **CVE ID**: CVE-2026-1745 - **Vulnerability Type**: Cross-Site Request Forgery (CSRF) - **Impact**: Arbitrary Medical Certificate Del…

Read more
CVSS 4.3
WordPress Plugin KirilKirkovPDFInvoices 1.6 Code Audit: RCE/LFI/SQLi Risks
plugins.trac.wordpress.org · 2026-02-11

## Critical Vulnerability Information ### 1. **Plugin Name** - KirilKirkovPDFInvoices ### 2. **Version** - 1.6 ### 3. **Potential Vulnerabilities** - **Remote Code Execution Risk** - The code contains…

Read more
Premium intel
CVSS 9.1
InvoicePlane <=1.7.0 Log Poisoning to RCE via CVE-2026-25548
github.com · 2026-02-21

## Critical Vulnerability Information ### Vulnerability Details - **CVE ID**: CVE-2026-25548 - **CVSS 3.1 Score**: 9.1 (Critical) - **Affected Versions**: <=1.7.0 - **Patched Versions**: None ### Vuln…

Read more
Premium intel
CVSS 9.8
Alfresco Transform Service Vulnerabilities: CVE-2026-26337/338/339 (RCE, SSRF, Path Traversal)
connect.hyland.com · 2026-02-21

- **CVE-2026-26337**: Absolute Path Traversal (Arbitrary File Read + SSRF) - Impact: Arbitrary file read and server-side request forgery (SSRF) - Affected Components: Alfresco Transform Service (ATS),…

Read more
Premium intel
CVSS 8.8
SPIP interface_traduction_objets Authenticated RCE via Code Injection (CVE-2026-27745)
www.vulncheck.com · 2026-02-25

- **Advisories**: SPIP interface_traduction_objets < 2.2.2 Authenticated RCE - **Severity**: High - **Date**: 2/24/2026 - **Affected Versions**: Versions of the SPIP interface_traduction_objets plugin…

Read more
Premium intel
CVSS 8.8
Advanced Woo Labels Plugin Vulnerability Analysis (XSS/SSRF/RCE)
plugins.trac.wordpress.org · 2026-02-25

### Critical Vulnerability Information - **Plugin Name**: Advanced Woo Labels - **File**: `/includes/admin/class-awl-admin-ajax.php` - **Version**: 2.34 - **Last Modified**: Modified in changeset 3443…

Read more
Premium intel
CVSS 8.8
WordPress Advanced Woo Labels RCE via call_user_func_array (CVE-2026-1929)
www.wordfence.com · 2026-02-25

### Critical Vulnerability Information **Vulnerability Details** - **Vulnerability ID**: CVE-2026-1929 - **CVSS Score**: 8.8 (High) - **Vulnerability Type**: Code Injection - **Publication Date**: Feb…

Read more
CVE-2026-26738: SpaceSniffer Stack Buffer Overflow RCE via .sns Files
www.gruppotim.it · 2026-04-02

### Vulnerability Summary **Vulnerability Overview** * **CVE ID**: CVE-2026-26738 * **Affected Software**: Uderzo Software SpaceSniffer * **Affected Version**: 2.0.5.18 * **Vulnerability Type**: Stack…

Read more
Authenticated RCE via PHP Insecure Deserialization in Intermezz/groupoffice
github.com · 2026-04-03

### Vulnerability Summary - **Summary/Description**: This is a remote code execution (RCE) vulnerability caused by insecure PHP deserialization. An authenticated user can execute arbitrary system comm…

Read more
SQL Injection in itsourcecode Online Cellphone System 1.0 (CVE-2026-5553)
vuldb.com · 2026-04-05

## Vulnerability Key Information Summary ### Vulnerability Overview | Attribute | Content | |:---|:---| | **Vulnerability Name** | itsourcecode Online Cellphone System 1.0 SQL Injection Vulnerability …

Read more
CVSS 6.3
itsourcecode Online Cellphone System V1.0 /cp/available.php SQL Injection Vulnerability
github.com · 2026-04-05

# itsourcecode Online Cellphone System V1.0 "/cp/available.php" SQL Injection Vulnerability ## Vulnerability Overview - **Vulnerability Type**: SQL Injection - **Affected File**: `/cp/available.php` -…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.