Security Intel Hub 673 · Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

mcp-server-kubernetes port_forward Parameter Injection Vulnerability
github.com · 2026-04-18

# Vulnerability Summary: Argument Injection Vulnerability in the `port_forward` Tool ## Overview In the `port_forward` tool of `mcp-server-kubernetes`, there is an argument injection vulnerability. Th…

Chrome Safe Browsing Bypass via Data URI (CVE-2023-1814)
crbug.com · 2025-11-20

### Key Information - **Title**: Security: Safe Browsing bypass via data URI, no warning if SB fails - **Type**: Vulnerability - **Priority**: P1 - **Severity**: S2 - **Status**: Fixed - **CVE**: 2023…

OpenSourcePOS v3.4.1 Stored XSS via Incorrect Content-Type Handling
github.com · 2026-02-21

### Vulnerability Overview - **Affected Product**: OpenSourcePOS v3.4.1 - **Vulnerability Type**: Improper `Content-Type` handling leading to Stored Cross-Site Scripting (XSS) (CWE-79, CWE-116) - **Af…

Stored XSS in fabric.js SVG Export via id/src Injection (CVE-2026-27013)
github.com · 2026-02-21

From the screenshot, we can extract the following key points about the vulnerability: - **Vulnerability**: Stored XSS via SVG Export (GHSA-hfvx-25r5-qc3w) - **Severity**: High (CVSS v3 base metrics: 7…

Craft Commerce Stored XSS Leading to Privilege Escalation (CVE-2026-25490)
github.com · 2026-02-04

This webpage screenshot provides a detailed description of a stored XSS vulnerability discovered in Craft Commerce, which could lead to privilege escalation. Below are the key vulnerability details ex…

ProjectsAndPrograms School Management System Authenticated File Upload leading to RCE
vuldb.com · 2026-04-04

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability Name:** ProjectsAndPrograms school-management-system 1 File Upload / RCE * **Description:** An authenticated file upload vulnerabi…

CVE-2025-61546: Print Shop Pro WebDesk Business Logic Flaw (Negative Quantity Bypass)
github.com · 2026-01-20

# CVE-2025-61546: Print Shop Pro WebDesk Business Logic Flaw ## Information - **Summary**: Client-side input validation bypass enables negative quantity purchases. - **Vendor**: edu Busines…

API Platform GraphQL Relay Unauthorized Resource Access Fix
github.com · 2025-04-09

## Critical Vulnerability Information ### Vulnerability Description - **Type**: Unauthorized Resource Access - **Cause**: Unauthorized resources were accessed when using Relay. ### Related Files and C…

qmail CVE-2026-41113 RCE via DNS MX Shell Injection with Exploit
github.com · 2026-04-18

# qmail Remote Code Execution Vulnerability (CVE-2026-41113) ## Vulnerability Overview * **Vulnerability Name**: qmail-remote Remote Code Execution (RCE) via DNS MX Hostname Shell Injection * **CVE ID…

CVE-2025-23227: sctokens Path Traversal Authorization Bypass
github.com · 2026-04-02

# Vulnerability Summary: Path Traversal in sctokens Leading to Authorization Bypass ## Vulnerability Overview **CVE ID**: CVE-2025-23227 **Severity**: High (8.1/10) **Affected Versions**: "/home" # ur…

WooCommerce Bot for Telegram Auth Bypass via Token Disclosure (CVE-2024-9821)
www.wordfence.com · 2024-10-13

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Name**: Bot for Telegram on WooCommerce <= 1.2.4 - Authenticated (Subscriber+) Telegram Bo…

SiYuan Bazaar Unfiltered README Rendering Leads to XSS to RCE
github.com · 2026-04-18

# Vulnerability Summary: Unfiltered Bazaar README Rendering in SiYuan Leads to XSS to RCE ## Vulnerability Overview SiYuan Bazaar (community marketplace) does not perform HTML filtering when rendering…

Stored XSS in Sourcecodester Cab Management System 1.0 (CVE-2024-51031)
github.com · 2024-11-11

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability ID**: CVE-2024-51031 2. **Description**: A Cross-Site Scripting (XSS) vulnerability exists…

LibreNMS 2024R2.1 Security Advisory: AD/LDAP Cert Removal, Broken Access Control, Session Replay Fix
www.nagios.com · 2025-04-09

### Critical Vulnerability Information #### 2024R2.1 - 03/26/2025 - **Fixed**: - Fixed a security vulnerability while removing an AD/LDAP certificate (Thanks to Haiyu Li, Shifei Zhao, mro22, rjy, King…

OpenClaw Browser Proxy allowProfiles Config Logic Fix
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves the `allowProfiles` configuration of the browser proxy in the OpenClaw project. When `allowProfiles` is set to an empty value, the browser proxy …

ACP Attachment Path Traversal Fix and Test Cases
github.com · 2026-04-28

# Vulnerability Summary ## Overview This vulnerability involves enforcing restrictions on the ACP (Attachment Control Policy) attachment root directory. Specific manifestations include: - **Enforced r…

source-map-support Directory Traversal via Custom File Reader (CVE-2024-21540)
gist.github.com · 2024-11-17

From this webpage screenshot, we can extract the following key information about the vulnerability: 1. **Vulnerability Description**: - **Title**: Package source-map-support: Possible to inject custom…

RCE in WordPress Plugin Spam Project for Contact Form 7 < 1.2.10 (CVE-2026-1640)
wpscan.com · 2026-04-02

# Vulnerability Summary: Spam Project for Contact Form 7 Remote Code Execution (RCE) ### Overview * **Vulnerability Name**: Spam Project for Contact Form 7 alert("XSS")'; // 4. Define the SQL query $s…

SSRF Vulnerability in api-lab-mcp (CVE-918) with POC
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) * **CVE ID**: CVE-918 * **Description**: An SSRF vulnerability was discovered in the MCP tools (`anal…

GeoNode Remote Document Upload Thumbnail Generation Vulnerability Fix
github.com · 2026-04-18

# GeoNode Remote Document Upload Thumbnail Generation Vulnerability ## Vulnerability Overview When uploading remote documents, GeoNode attempts to process thumbnail files generated from remote URLs lo…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.