Security Intel Hub 673 — Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Booster for WooCommerce Reflected XSS Vulnerability (<=7.2.3)
www.wordfence.com · 2024-11-24

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Name**: Booster for WooCommerce <= 7.2.3 - Reflected Cross-Site Scripting 2. **Vulnerabili…

Fix integer overflow in src_stride calculation in ffz draw-unpack.c
github.com · 2026-04-02

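### Key Vulnerability Information Summary **Vulnerability Overview** * **ID**: Bug 760990 * **Description**: An integer overflow occurs when computing `src_stride` in the `unpack_stream` function. * **Cause**: The original calculation `(w * depth * n) >> 1` uses 32-bit integer arithmetic, which overflows when the values are too large. **Affected Scope** * **File**: `source/ffz/d…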

Chromium Blink Geolocation Timer Not Stopped Fix
code.google.com · 2025-11-09

## Key Vulnerability Information ### Basic Information - **Type**: Vulnerability - **Priority**: P1 - **Severity**: S1 - **Status**: Fixed - **Component Tags**: Blink ### Description - This issue was …

NanoMQ 0.22.1 Unauthenticated Memory Leak DoS (CVE-2024-42649)
github.com · 2025-07-15

### Key Information #### CVE Number CVE-2024-42649 #### Vulnerability Type Memory Leak #### Affected Version - NanoMQ 0.22.1 - GIT COMMIT: 70de56cddc87444d120a3a7e477c76a26bca8d56 #### Vulnerability I…

CVE-2025-71058 DNS Cache Poisoning Vulnerability and POC Analysis
github.com · 2026-04-22

# CVE-2025-71058 Vulnerability Summary ## Vulnerability Overview This vulnerability involves DNS cache poisoning attacks, exploiting forged DNS response packets to deceive the target resolver. The att…

Fix for Node Crash due to Invalid BLS Voting Key Validation in Blockchain Consensus
github.com · 2026-04-23

# Vulnerability Summary ## Overview - **Vulnerability Name**: Crash Caused by Invalid Election Macro Block Validator Voting Key Verification - **Description**: An unvalidated node can announce an elec…

Reflected XSS in Inventory System 1.0 (add_purchase.php)
github.com · 2026-04-02

# Vulnerability Summary: Reflected XSS in Inventory System (Add Purchase) **Overview** * **Vulnerability Type**: Reflected Cross Site Scripting (XSS) * **Affected Product**: Inventory System * **Affec…

llama.cpp RPC RCE Patch: Fix in deserialize_tensor_info
github.com · 2026-04-02

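### Vulnerability Fix Summary **Vulnerability Overview** This commit shows a critical security fix in the `llama.cpp` project (a C++-based Llama model inference library). The commit message is explicitly labeled `rpc : RCE patch (#20980)`, indicating that the patch fixes a remote code execution (RCE) vulnerability in the RPC module, effectively preventing attackers from achieving remote code execution through crafted malicious data. **Affected Scope** - **Repository**: `ngml/ll…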

WooCommerce Product Table Lite 3.8.6/3.8.7 Security Vulnerability Fix
plugins.trac.wordpress.org · 2024-11-24

From this webpage screenshot, we can extract the following key information about the vulnerability: 1. **Version Information**: - **WCPT_VERSION**: 3.8.6 - **WCPT_VERSION**: 3.8.7 2. **Security Vulner…

SQL Injection in Modern Loan Management System 1.0 with POC
www.shawroot.cc · 2024-09-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Title**: SQL injection in Modern Loan management system 1.0 2. **Date**: Septemb…

Chamilo Social Post SVG Sanitization Fix
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves allowing only images and videos as attachments in social posts, and performing sanitization on SVG content. Specifically includes: 1. **Social Po…

Craft Commerce Stored XSS and Privilege Escalation (CVE-2026-25485)
github.com · 2026-02-04

### Critical Vulnerability Information #### Vulnerability Overview - **Name**: Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potential Privilege Escalation - **CVE ID**: CVE…

Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 · Advisory · python-poetry/poetry · GitH
github.com · 2026-04-25

### Vulnerability Overview - **Vulnerability Name**: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 - **CVE ID**: CVE-2024-1140 - **CWE ID**: CWE-22 - **Description**:…

FFmpeg zmqsend.c Potential Info Leak/DoS Vulnerability Analysis
ffmpeg.org · 2026-04-18

### FFmpeg Vulnerability Summary #### Vulnerability Overview - **File**: `zmqsend.c` - **Description**: This file is part of FFmpeg and is used to send ZMQ messages. There is a potential vulnerability…

E-POINT CMS CVE-2025-65806 Nested ZIP Archive Bypass Arbitrary File Upload
github.com · 2025-12-05

- **CVE ID**: CVE-2025-65806 - **Author**: Kacper Zabiegaj - **Severity**: Medium - **Affected Product**: E-POINT CMS - **Affected Version**: eagle.gsam-1169.1 - **Vendor**: E-POINT SA - **Attack Vect…

KVM x86: vCPU INIT warning in SMM mode due to SHUTDOWN interrupt
git.kernel.org · 2025-05-21

### Critical Vulnerability Information - **Vulnerability Description**: - In KVM, when a virtual CPU (vCPU) encounters a SHUTDOWN interrupt while in System Management Mode (SMM), KVM forces a vCPU INI…

GitLab CI YAML Parser DoS Vulnerability (CVE-2024-9384) Fix Analysis
github.com · 2026-04-03

### Vulnerability Summary **Overview** * **Vulnerability Type**: Denial of Service (DoS) / Infinite Recursion * **Affected Component**: GitLab CI/CD Configuration Parser (YAML Parser) * **Description*…

WordPress Auto Post Scheduler CSRF Vulnerability Details (CVSS 9.8)
www.wordfence.com · 2026-04-02

### Vulnerability Summary: Auto Post Scheduler **1. Vulnerability Overview** * **Vulnerability Name:** Cross-Site Request Forgery (CSRF) in Auto Post Scheduler * **Affected Software:** Auto Post Sched…

Chrome heap-use-after-free in ForceSigninVerifier (CVE-2021-37997)
crbug.com · 2025-11-11

# Critical Vulnerability Information ## Vulnerability Details - **Issue ID**: 40057601 - **Title**: Security: heap-use-after-free in ForceSigninVerifier::SendRequestIfNetworkAvailable - **Descri…

Paket Compiler manifest package name validation bypass
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves improper handling of invalid package names when parsing `manifest` files. Specifically, when an invalid package name is present in the `manifest`…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.