Security Intel Hub 673 — Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

OpenShell Mirror Sync Directory Exclusion Bypass Vulnerability Analysis
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves the mirror synchronization feature of `OpenShell`, specifically that the `replaceDirectoryContents` function does not correctly exclude certain d…

DataEase SQL Injection Vulnerability Fix Analysis
github.com · 2025-08-27

From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Vulnerability Type**: SQL Injection (SQLi) - **Remediation Measures**: - Added input parameter …

CH22 Firmware Buffer Overflow Vulnerability Analysis and PoC
github.com · 2026-04-02

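# CH22 Vulnerability Summary ### Vulnerability Overview * **Vulnerability Name**: CH22 Vulnerability * **Vulnerability Type**: Buffer Overflow * **Affected Versions**: Version CH22, Version V1.0.3 * **Vulnerability Description**: * A buffer overflow vulnerability was found in the `initpage()` function. * The `initpage()` function calls `parsei…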

CVE-2024-10571: LFI Vulnerability in Chartify WordPress Plugin Analysis
abrahack.com · 2026-04-09

### Vulnerability Summary **1. Vulnerability Overview** * **CVE ID**: CVE-2024-10571 * **Vulnerability Type**: Local File Inclusion (LFI) * **CVSS Score**: 9.8 (Critical) * **Description**: This vulne…

Fix: Remote Code Execution via Jinacore Deserialization in OkAuth
github.com · 2026-04-02

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability Type**: Remote Code Execution (RCE) * **Root Cause**: Deserialization vulnerability in the `Jinacore` component within `OkAuth`. …

AstrBot T2I SSTI Vulnerability and RCE POC
github.com · 2026-04-26

# Vulnerability Summary: AstrBot T2I Template Management Server-Side Template Injection (SSTI) ## Vulnerability Overview * **Vulnerability ID**: #7330 * **Vulnerability Type**: Server-Side Template In…

CVE-2023-0341: Stack Buffer Overflow in libeditorconfig ec_glob()
github.com · 2026-04-18

### Vulnerability Overview **CVE-2023-0341** is a stack buffer overflow vulnerability that occurs in the `ec_glob()` function. This vulnerability allows an attacker to crash any application using `lib…

SiYuan Bazaar README XSS via iframe srcdoc (CVE-2026-40922)
github.com · 2026-04-18

# Vulnerability Summary: CVE-2026-33066 ## Overview **Title**: Incomplete fix for CVE-2026-33066: XSS in github.com/siyuan-note/siyuan **CVE ID**: CVE-2026-40922 **Severity**: Moderate **CWE**: CWE-79…

openclaw heartbeat module owner-only auth inheritance fix
github.com · 2026-04-21

# Vulnerability Summary ## Overview This vulnerability affects the `heartbeat` module in the `openclaw` project, specifically the issue of **block owner-only auth inheritance for exec events**. This p…

CVE Report: Zero-Click RCE in pi-mono via Auto-Loaded Extensions
github.com · 2026-04-05

# CVE Report: Zero-Click Remote Code Execution via Auto-Loaded Project Extensions in pi-mono ## Vulnerability Overview | Field | Value | |:---|:---| | **Product** | pi-mono (Pi Coding Agent Monorepo) …

Multiple Pre-Auth SQLi Vulnerabilities in Web-Dorado ECommerce-WD Joomla Plugin with PoCs
seclists.org · 2025-11-08

# Critical Vulnerability Information - **Vulnerability Type**: Multiple Unauthenticated SQL Injection - **Affected Component**: Web-Dorado ECommerce-WD Joomla Plugin (version 1.2.5) - **Impacted Funct…

Jenkins PRB Plugin Permission Handling Fix
github.com · 2025-04-01

From this webpage screenshot, the following key vulnerability-related information can be extracted: - **Commit ID**: 346f2d5 - **Commit Description**: "Adjust permission handling in the REST endpoints…

OpenHarness Path Traversal and SSRF Vulnerability Fix Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview This commit fixes vulnerabilities related to Path Traversal and Web Guards in the OpenHarness project. The main issue lies in insufficient permission …

CVE-2021-21772: lib3mf Use-After-Free Vulnerability Analysis
talosintelligence.com · 2025-11-07

### Key Information #### Vulnerability Overview - **CVE ID**: CVE-2021-21772 - **Vulnerability Type**: Use-After-Free (CWE-416) - **Affected Software & Version**: 3MF Consortium lib3mf 2.0.0 #### Vuln…

WordPress wp-ecommerce Arbitrary File Upload Vulnerability Analysis
github.com · 2026-04-04

# Vulnerability Summary: Arbitrary File Upload in wp-ecommerce Plugin ## Vulnerability Overview This vulnerability exists in the WordPress plugin `wp-ecommerce`. Due to insufficient security validatio…

Grafana Unauthenticated RCE via GRAPHL_COMPUTE Buffer Bypass
github.com · 2026-04-02

**Unauthenticated RCE via GRAPHL_COMPUTE buffer-0 bypass in Grafana RPC backend** **Summary:** A critical unauthenticated remote code execution (RCE) vulnerability exists in Grafana's GRAPHL_COMPUTE p…

OpenSourcePOS v3.4.1 Stored XSS Vulnerability Analysis
github.com · 2026-02-21

### Critical Vulnerability Information #### Vulnerability Details - **Affected Product**: OpenSourcePOS v3.4.1 - **Vulnerability Type**: Stored Cross-Site Scripting (XSS), CWE-79 - **Affected Componen…

Nginx AdvancedSearch Stored XSS Vulnerability (CVE-2025-62662)
phabricator.wikimedia.org · 2025-10-18

### Key Information #### Vulnerability ID - CVE-2025-62662 #### Vulnerability Type - Stored XSS through system messages in AdvancedSearch #### Affected Versions - Version(s): 1.4.2.x (up to 1.4.2.0) -…

Istio xDS Debug Handler Cross-Namespace Access Control Bypass Fix
github.com · 2026-04-07

### Vulnerability Overview A security vulnerability exists in Istio's xDS debug handler, where it fails to correctly pass or verify the caller's namespace. This can lead to cross-namespace access cont…

OpenSourcePOS v3.4.1 Stored XSS in Customer Module Phone Field
github.com · 2026-02-21

From the webpage screenshot, the following key vulnerability information can be extracted: - **Affected Product**: OpenSourcePOS v3.4.1 - **Vulnerability Type**: Stored Cross-Site Scripting (XSS), CWE…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.