Security Intel Hub 673 — Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

SQL Injection in Itsourcecode Loan Management System V1.0
github.com · 2025-11-03

## Key Information ### Affected Product Name - Online Loan Management System PHP and MySQL Source Code Project Version V1.0 ### Vendor Homepage - [Itsourcecode Loan Management System Project Source Co…

Keycloak CVE-2020-4030 UMA Policy Bypass Vulnerability Analysis
bugzilla.redhat.com · 2026-04-02

### **CVE-2020-4030 Vulnerability Summary** --- #### **1. Vulnerability Overview** - **Title:** CVE-2020-4030: UMA policy bypass allows

Roundcube Password Plugin Type Juggling Vulnerability Fix
github.com · 2026-04-03

**1. Extracted Key Information:** - **Commit ID:** 6a27567 - **Title:** Fix bug where a password could get changed without providing the old password - **Description:** -

PHP-FPM Unix Socket Misconfiguration Leading to Info Disclosure/RCE
www.openwall.com · 2026-04-03

**Vulnerability Overview:** This vulnerability exists

Cisco FTD Snort 3 Detection Engine Bypass Vulnerability (CVE-2024-20407)
sec.cloudapps.cisco.com · 2024-10-26

### Key Information 1. **Vulnerability Description**: - **Vulnerability Name**: Cisco Firepower Threat Defense Software TCP Snort 3 Detection Engine Bypass Vulnerability - **Vulnerability ID**: cisco-…

Fix Path Traversal in file_upload Module Leading to Arbitrary File Overwrite
github.com · 2026-04-03

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability Type**: Path Traversal leading to information disclosure or file overwriting. * **Detailed Description**: In the `file_upload` mo…

Craft CMS Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves an issue with resource path handling in Craft CMS, specifically manifested in the `AppController.php` and `Application.php` files, where insecure…

GitLab Trusted Resources URL Parsing Bypass Fix Analysis
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves improper handling of the `git` prefix when parsing and matching resource URLs, leading to potential security issues. Specific manifestations incl…

Roundcube DMP Injection and CRLF Bypass Vulnerability Fix Analysis
github.com · 2026-04-03

### Vulnerability Key Information Summary **Vulnerability Overview** * **Vulnerability Type**: DMP (Dovecot Manage Protocol) Injection, CRLF Bypass, Unauthorized Access, Password Modification Bypass. …

Android Bluetooth Binder Permission Bypass via Null AttributionSource
android.googlesource.com · 2024-11-17

From this webpage screenshot, we can extract the following key information about the vulnerability: 1. **Vulnerability Description**: - The researcher reported that some Bluetooth (BT) calls crossing …

Tourist Management System PHP Unrestricted File Upload Leading to RCE
github.com · 2024-10-12

From this webpage screenshot, we can obtain the following key information about the vulnerability: 1. **Affected Product**: - Tourist Management System In PHP With Source Code 2. **Affected Version**:…

FreeScout Information Disclosure: Non-folder Queries Bypass Assigned-Only Restrictions
github.com · 2026-04-22

# Vulnerability Summary: Non-folder conversation queries disclose assigned-only hidden conversations ## Vulnerability Overview This vulnerability exists in the `freescout` software. Due to the global …

SignalX Server Unauthenticated Source Priorities Manipulation
github.com · 2026-04-03

### Summary SignalX Server has an unauthenticated HTTP endpoint that allows remote attackers to modify navigation source priority data. The endpoint is accessible without authentication and performs n…

Stashed Desktop App RCE via Path Traversal and Arbitrary File Write (CVE-2019-10842)
www.rcesecurity.com · 2026-04-04

# Stashed Desktop App RCE Vulnerability Summary (CVE-2019-10842) ### Vulnerability Overview Stashed Desktop App contains a critical remote code execution (RCE) vulnerability. The flaw arises from impr…

pi-mono Slack Bot Unauthenticated RCE via LLM Prompt Injection and Bash Tool
github.com · 2026-04-05

## Vulnerability Overview **CVE Report: Unauthenticated Remote Code Execution via Slack Message in pi-mono mom Bot** | Field | Value | |:---|:---| | Product | pi-mono (Pi Coding Agent Monorepo) | | Ve…

MyBatis-Plus TenantPlugin SQL Injection Vulnerability Analysis
github.com · 2025-11-09

## Vulnerability Summary **Threat**: SQL Injection **MavenGroupId**: com.baomidou **MavenArtifactId**: mybatis-plus **Affected Versions**: 3.x **Affected Component**: TenantPlugin **Description**: The…

Spring Framework JndiObjectFactoryBean Resource Validation Fix
github.com · 2025-05-29

From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Submission ID**: 8a66aa3 - **Submission Date**: January 29, 2021 - **Submitter**: @svenkueenle …

Jeesite XXE Vulnerability (CWE-611): Unfiltered logoutRequest Causes SSRF
www.yuque.com · 2026-03-02

## Jeesite XXE Vulnerability Report (CWE-611) ### 1. Description Jeesite contains an XXE vulnerability. The user-controlled `logoutRequest` XML is parsed without adequate XXE protections, enabling att…

AgentSeek RCE via Unsandboxed LLM Code Execution
github.com · 2026-04-06

## CVE Report: Remote Code Execution via Unsandboxed LLM-Generated Code Execution ### Vulnerability Overview AgentSeek contains a critical remote code execution vulnerability where unauthenticated att…

Kubeflow ResourceComposition SSRF and HTTP Header Injection Vulnerability Analysis
gist.github.com · 2026-04-02

**Vulnerability Summary** * **Vulnerability Name**: Kubeflow ResourceComposition ChartUtil.SSIF + Header Injection * **Vulnerability Type**: Server-Side Request Forgery (SSRF) and HTTP Header Injectio…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
