Security Intel Hub 673 — Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Chamilo Course Catalog Access Control Fix (Role-based Security)
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Type**: Security Vulnerability - **Description**: This vulnerability involves adding `CourseRelUserStateProcessor` and improving course catalog filtering l…

CVE-2020-32716: scitokens Authorization Bypass via Scope Path Prefix Checking
github.com · 2026-04-02

## Vulnerability Overview **Title**: Authorization Bypass via Incorrect Scope Path Prefix Checking **CVE ID**: CVE-2020-32716 **Severity**: High (8.1/10) **Root Cause**: The `Enforcer` class used simp…

Mayuri K. Gaatrickar Courier Management System 1.0 Broken Access Control in delete_user
vuldb.com · 2026-04-02

### Vulnerability Overview * **Vulnerability Title**: Mayuri K. Gaatrickar Courier Management System 1.0 Broken Access Control * **Severity**: High (High Risk) * **Description**: This vulnerability ex…

api-lab-mcp SSRF Vulnerability Analysis with PoC and Fix
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF, CWE-918). * **Description**: The `api-lab-mcp` project contains an SSRF vulnerability within the MCP/HTTP tool h…

wasm3 MarkSlotAllocated NULL Pointer Dereference Crash Analysis
github.com · 2025-07-06

### Key Information #### Vulnerability Description - **Type**: SEGFAULT (SEGV) - **Location**: source/m3_compile.c:332:25 in MarkSlotAllocated - **Version**: Latest commit 79d412e - **Environment**: U…

VMware VMCI use-after-free vulnerability fix in vmci_resource_remove
git.kernel.org · 2024-09-19

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Title**: VMCI: Fix use-after-free when removing resource in v…

NJS njs_array_prototype_sort SEGV Vulnerability with PoC
github.com · 2025-11-11

# Key Information ## Vulnerability Title SEGV in njs_array_prototype_sort ## Vulnerability Status Closed ## Vulnerability Description A segmentation fault (SEGV) exists in the array sorting function `…

Buffer Overflow in UTT HiPER 810G /goform/formFireWall causing DoS
github.com · 2026-02-07

- **Vulnerability Title**: - Buffer Overflow Vulnerability in UTT HiPER 810G Router /goform/formFireWall (Denial of Service) - **Information**: - Vendor: UTT (AiTai) - Vendor Website: [https://utt.com…

Apache Archiva Multiple XSS Vulnerability (CVE-2011-1077)
securityreason.com · 2025-11-08

- **CVE-ID**: CVE-2011-1077 - **Risk Level**: Low - **Published Date**: 2011-06-04 - **Affected Software**: Apache Archiva - **Affected Versions**: 1.3.0 - 1.3.4 (Unsupported versions 1.0 - 1.2.2 are …

Hardcoded Firebase API Key in app.inventory.toyfactory v1.5.5 Leading to Unauthorized Data Access
www.notion.so · 2026-04-04

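# Vulnerability Summary ## Vulnerability Overview The Android app **app.inventory.toyfactory** (version 1.5.5) contains a hardcoded Google Firebase API key. The key is located in a client-accessible resource file; an attacker can extract it, use the Firebase Identity Toolkit to authenticate anonymously, and use the resulting ID token to access the associated Firebase Realtime …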

Unauthenticated SSRF in GPT Researcher WebSocket (CVSS 9.1) with POC
github.com · 2026-04-06

### Vulnerability Overview * **Vulnerability Name**: Unauthenticated WebSocket Source URL SSRF Vulnerability (Unauthenticated SSRF via WebSocket source_urls) * **Affected Product**: GPT Researcher * *…

Path Traversal in emu2nZip Plugin Leading to RCE
github.com · 2026-04-04

### Vulnerability Summary A path traversal vulnerability exists in the `emu2nZip()` function (located at `src/class/emu2n.php`, line 783). The function fails to validate ZIP entry names when extractin…

Juniper SRX NAT64 ICMPv6 DoS Vulnerability (CVE-2026-33790)
kb.juniper.net · 2026-04-10

# Juniper Networks Security Advisory Summary (CVE-2026-33790) ## Vulnerability Overview * **CVE ID:** CVE-2026-33790 * **Vulnerability Name:** Junos OS: SRX Series: In a NAT64 configuration, receipt o…

Chamilo LMS Stored XSS via SVG Upload and Fix Code
github.com · 2026-04-18

# Vulnerability Summary ## Overview Chamilo LMS has an SVG file handling vulnerability. An attacker can upload an SVG file containing malicious scripts; due to the system’s lack of proper sanitization…

Filebrowser <=2.62.2 /api/resources Permission Bypass via Missing Download Check
github.com · 2026-04-08

### Vulnerability Key Information Summary **Vulnerability Overview** In the `resourceSetHandler` function within the `http/resource.go` file, the permission flag `Perm.Download` is not checked when re…

Analysis of Potential Vulnerabilities in WebAssembly Store Memory Management and Async Execution
docs.rs · 2026-02-25

### Critical Vulnerability Information #### 1. **Store Management** - **Store Lifetime Issues**: The `Store` struct is intended as a short-lived object, but it holds references to long-lived objects l…

Langflow CVE-2025-34291: Account Takeover and RCE via CORS Misconfiguration
www.obsidiansecurity.com · 2025-12-06

### CVE-2025-34291: Critical Account Takeover and RCE Vulnerability in the Langflow AI Agent & Workflow Platform #### Executive Summary - **Vulnerability Chain in Langflow**: A critical vulnerability …

Directory Management System V1.0 SQL Injection Vulnerability and POC
github.com · 2026-01-20

### Key Information #### Vulnerability Details - **Vulnerability**: SQL Injection - **Vulnerable File**: `/dms/index.php` - **Affected Version**: V1.0 - **Vendor Homepage**: - [Directory Management Sy…

SQL Injection in Online Blood Bank Management System V1.0 via search parameter
github.com · 2025-04-09

## Critical Vulnerability Information ### Affected Product - **Name**: Online Blood Bank Management System in PHP with Source Code - **Version**: V1.0 - **Link**: [Vendor Homepage](https://itsourcecod…

scitokens Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-02

## Vulnerability Overview **Path Traversal Vulnerability**: The scitokens library fails to properly validate and normalize paths in token scopes. Attackers can construct malicious tokens containing `.…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
