Security Intel Hub 673 · Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2025-57439: Creacast Creabox Manager RCE via Lua Injection in /edit.php
github.com · 2025-09-24

### Critical Vulnerability Information #### Vulnerability Description - **CVE ID**: CVE-2025-57439 - **Product**: Creacast Creabox Manager - **Vulnerability Type**: Remote Code Execution (RCE) - **Aff…

LobeChat <v1.129.4 XSS Escalation to RCE via SVG Rendering (CVE-2022-N017)
github.com · 2025-09-20

### Critical Vulnerability Information #### Vulnerability Type - **Remote Code Execution via XSS in Chat Messages** #### Affected Versions - **Affected versions**: `, it renders using the `lobeArtifac…

Time-Based Blind SQLi in itsourcecode Online Clinic Management System v1 (editp3.php)
github.com · 2025-09-19

From this webpage screenshot, we can extract the following key information about the vulnerability: - **Vulnerability Type**: Time-Based Blind SQL Injection - **Affected File**: editp3.php - **Paramet…

SQL Injection in itsourcecode Online Clinic Management System v1
github.com · 2025-09-19

From this webpage screenshot, the following key vulnerability information can be obtained: - **Vulnerability Type**: Time-Based Blind SQL Injection - **Affected File**: `transact.php` - **Parameter**:…

SQL Injection in itsourcecode Web-Based Internet Laboratory Management System v1
github.com · 2025-09-19

### Key Information #### Vulnerability Type - **SQL Injection (Time-Based Blind SQLi)** #### Affected File - `login.php` calls `User::AuthenticateUser()` in `include/user.php` #### Parameter - `user_e…

Sourcecodester Student Grading System SQL Injection Vulnerability
github.com · 2025-09-18

### Critical Vulnerability Information #### Affected Product - Student Grading System using PHP/MySQL #### Vendor Homepage - https://www.sourcecodester.com/php/14312/online-student-file-management-sys…

SQL Injection in Sourcecodester Online Student File Management System V1.0
github.com · 2025-09-17

### Critical Vulnerability Information #### Affected Product - **Name**: Sourcecodester Online Student File Management System with Full Source Code (2020) V1.0 - **Version**: V1.0 - **Link**: [Vendor …

RPi-Jukebox-RFID v2.8.0 Command Injection Vulnerability (RCE) with POC
github.com · 2025-09-14

### Key Information #### Vulnerability Description - **Vulnerability Type**: RCE (Remote Code Execution) - **Affected Software**: RPi-Jukebox-RFID v2.8.0 - **File**: `/htdocs/api/playlist/single.php` …

WordPress WooCommerce Designer Pro Arbitrary File Upload Vulnerability
patchstack.com · 2025-09-27

### Key Information - **Vulnerability Name**: WordPress WooCommerce Designer Pro Plugin <= 1.9.24 is vulnerable to Arbitrary File Upload - **Priority**: High priority (vulnerable immediately) - **Affe…

Python pickle Deserialization RCE Vulnerability and PoC Analysis
github.com · 2025-09-26

### Key Information Summary #### Vulnerability Overview - **Type**: Remote Code Execution (RCE) vulnerability - **Location**: `experiments.robot.bridge.reasoning_server::run_reasoning_server` - **Desc…

Python pickle Deserialization RCE Vulnerability and PoC Analysis
github.com · 2025-09-26

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Remote Code Execution (RCE) - **Affected Endpoint**: `/calculate` - **Cause**: Unsafe deserialization of user-provided data us…

H3C Magic B3 Router Buffer Overflow Vulnerability (RCE/DoS)
github.com · 2025-09-26

### Key Information #### Product Information - **Vendor**: New H3C Technologies Co., Ltd. - **Affected Product**: Magic B3 - **Affected Firmware Versions**: Magic B3 <= 100R002 #### Vulnerability Over…

SourceCodester Pet Grooming Management Software edit.php SQL Injection Vulnerability
github.com · 2025-09-24

### Key Information - **Vulnerability Title**: SourceCodester Pet Grooming Management Software edit.php SQL Injection Vulnerability - **Vulnerability Type**: SQL Injection - **Affected File**: `edit.p…

ClipBucket ≤5.5.0 Unauthenticated Arbitrary File Upload Leading to RCE (CVE-2025-55912)
medium.com · 2025-09-20

### Key Information Summary #### Vulnerability Overview - **CVE ID**: CVE-2025-55912 - **Vulnerability Type**: Unauthenticated Arbitrary File Upload Leading to Remote Code Execution (RCE) - **Affected…

SQL Injection in SourceCodester elearning V1.0 (add_teacher.php)
github.com · 2025-09-20

### Key Information #### Affected Product - **Name**: sourcecodester elearning Project V1.0 - **Vendor Homepage**: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html #### Affect…

Ashlar-Vellum Graphite VC6 File Parsing OOB Write RCE (CVE-2025-7986)
www.zerodayinitiative.com · 2025-09-19

### Critical Vulnerability Information - **Vulnerability Name**: (0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability - **ZDI ID**: ZDI-25-639, ZDI-CA…

Ashlar-Vellum Cobalt LI File Parsing Integer Overflow RCE (CVE-2025-7982)
www.zerodayinitiative.com · 2025-09-19

### Critical Vulnerability Information - **Vulnerability Name**: (0Day) Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability - **ZDI ID**: ZDI-25-630, ZDI-CAN-2547…

Ashlar-Vellum Cobalt VC6 File Parsing Integer Overflow RCE (CVE-2025-7985)
www.zerodayinitiative.com · 2025-09-19

### Critical Vulnerability Information - **Vulnerability Name**: (0Day) Ashlar-Vellum Cobalt VC6 File Parsing Integer Overflow Remote Code Execution Vulnerability - **ZDI ID**: ZDI-25-637, ZDI-CAN-257…

Ashlar-Vellum Cobalt VC6 File Parsing OOB Read RCE (CVE-2025-7991)
www.zerodayinitiative.com · 2025-09-19

### Critical Vulnerability Information - **Vulnerability Name**: (0Day) Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability - **ZDI ID**: ZDI-25-643, ZDI-CAN-2…

WordPress StoreEngine Plugin CVE-2025-9216 Arbitrary File Upload and RCE Analysis
github.com · 2025-09-18

### Critical Vulnerability Information #### Vulnerability Overview - **CVE ID**: CVE-2025-9216 - **Affected Plugin**: StoreEngine - Powerful WordPress eCommerce Plugin - **Versions**: <= 1.4.0 - **Vul…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.