Security Intel Hub 673 — Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

openapi-generator CLI RCE via x-enum-varnames in OpenAPI spec
github.com · 2026-04-03

# Vulnerability Summary: Remote Code Execution (RCE) in openapi-generator ## 1. Vulnerability Overview * **Vulnerability Type**: Remote Code Execution (RCE). * **Affected Components**: `openapi-genera…

kubePlus ResourceController S2RF and Header Injection Vulnerability Analysis
github.com · 2026-04-02

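# kubePlus ResourceController ChartURL S2RF + Header Injection Vulnerability Summary ## Vulnerability Overview This vulnerability exists in the **kubePlus ResourceController** component. By manipulating the `chartURL` parameter, an attacker can use server-side request forgery (S2RF) and HTTP header injection to send to arbitrary internal or external services…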

Spring Security OAuth2 Account Confusion via Shared Mutable State in Singleton Instances
github.com · 2026-04-03

# Vulnerability Summary: OAuth Account Confusion via Shared Mutable State on Singleton Service Instances ### Vulnerability Overview This vulnerability exists in the `spring-security-oauth2` library. T…

AVideo CloneSite Path Traversal via deleteDump Parameter (CVE-2026-33293)
github.com · 2026-04-22

### Vulnerability Overview **CVE-2026-33293: Path Traversal Vulnerability in AVideo** - **Vulnerability Description**: The `deleteDump` parameter of AVideo's CloneSite does not apply path traversal fi…

Erlang OTP public_key OCSP Responder Certificate Signature Verification Bypass
github.com · 2026-04-07

### Vulnerability Summary **1. Vulnerability Overview** A validation flaw exists in the `public_key` module of Erlang OTP regarding the processing of OCSP (Online Certificate Status Protocol) response…

simple-git RCE via case-insensitive protocol.allow config bypass
github.com · 2026-04-18

### Vulnerability Overview **Vulnerability Name**: `blockUnsafeOperationsPlugin` bypass via case-insensitive `protocol.allow` config key enables RCE **Vulnerability Description**: - The `blockUnsafeOp…

CVE-2025-63604: Code Injection in AWS Resources MCP Server
github.com · 2025-11-19

## CVE-2025-63604: Code Injection ### Summary The AWS Resources MCP Server contains critical security vulnerabilities that allow arbitrary code execution through insufficient input validation in…

FreeScout Customer Merge Cross-Mailbox Authorization Bypass
github.com · 2026-04-08

# Vulnerability Summary: Customer Merge Cross-Mailbox Authorization Bypass ## Vulnerability Overview This vulnerability exists in the FreeScout software and is known as "Customer Merge Cross-Mailbox A…

FFmpeg zmqsend Buffer Overflow Vulnerability Analysis
github.com · 2026-04-18

### Vulnerability Overview The webpage screenshot shows a C language source code file named `zmqsend.c`, which is part of the FFmpeg project. The code involves the use of the ZeroMQ library for sendin…

WooCommerce Customer Reviews Auth Bypass to Arbitrary Review Submission
www.wordfence.com · 2026-04-11

### Vulnerability Overview * **Title**: Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter * **Description**: The Cu…

goldmark XSS vulnerability fix in HTML renderer
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Cross-Site Scripting (XSS) - **Vulnerability Description**: If URLs of links and images contain dangerous characters (e.g., …

Linux Kernel IPTables TCP Handling Remote DoS Vulnerability (GLSA)
www.gentoo.org · 2025-11-07

### Key Information - **Vulnerability Overview**: - **Title**: Linux Kernel: Remote DoS with IPTables TCP Handling - GLSA - **Release Date**: July 14, 2004 - **Latest Revision**: October 10, 2004: 02 …

Tenda RX3 Router Wi-Fi Schedule Buffer Overflow Vulnerability Analysis
github.com · 2026-02-09

## Critical Vulnerability Information ### Affected Product - **Vendor**: Tenda (Shenzhen Tenda Technology Co., Ltd.) - **Product**: Tenda RX3 - **Affected Version**: Firmware V16.03.13.11 ### Vulnerab…

Booster for WooCommerce Reflected XSS Vulnerability (<=7.2.3)
www.wordfence.com · 2024-11-24

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Name**: Booster for WooCommerce <= 7.2.3 - Reflected Cross-Site Scripting 2. **Vulnerabili…

uutils mv TOCTOU Race Condition in Cross-Device File Move
github.com · 2026-04-23

# Vulnerability Summary: uutils mv TOCTOU Race #10015 ## Vulnerability Overview The `mv` command in uutils has a race condition (TOCTOU Race) between deleting and recreating the destination file when …

Linux Kernel reset-uniphier-glue null-ptr-deref fix
git.kernel.org · 2025-03-29

From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Vulnerability Type**: Potential null pointer dereference (null-ptr-deref). - **Affected File**:…

AVideo CVE-2026-33502 Command Injection Vulnerability Analysis and Fix
github.com · 2026-04-22

# Vulnerability Summary: CVE-2026-33502 ## Overview * **Vulnerability Name**: AVideo Command Injection Vulnerability (CVE-2026-33502) * **Vulnerability Type**: CWE-78 (OS Command Injection) * **Severi…

UTT HiPER 810G Router Buffer Overflow Vulnerability Analysis
github.com · 2026-02-23

### Vulnerability Key Information - **Affected Product**: UTT HiPER 810G Router - **Affected Firmware Version**: <= v3v1.7.7-171114 - **Vulnerability Type**: Critical Buffer Overflow Vulnerability - *…

itsourcecode Payroll Management System 1.0 /navbar.php XSS Vulnerability (CVE-2020-5319)
vuldb.com · 2026-04-02

# Summary of Key Vulnerability Information **Vulnerability Overview** * **Vulnerability Name:** ITSOURCECODE Payroll Management System Up to 1.0 /navbar.php Page Cross Site Scripting * **CVE ID:** CVE-2020-5319 * **Vulnerability Type:** Cross-Site Scripting (XSS) * **CVSS Score:** 3.9 (Problemati…

Chamilo Social Post SVG Sanitization Fix
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves allowing only images and videos as attachments in social posts, and performing sanitization on SVG content. Specifically includes: 1. **Social Po…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
