Security Intel Hub 673— Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Online Job Portal PHP/PDO v1.0 SQL Injection Vulnerability and POC
thecyberpost.com · 2026-04-28

# SQL Injection Vulnerability in Online Job Portal PHP/PDO 1.0 ## Vulnerability Overview The Online Job Portal PHP/PDO version 1.0 contains a remote SQL injection vulnerability. The `CATEGORY` paramet…

SourceCodester Modern Loan Management System 1.0 SQL Injection (CVE-2024-9090)
vuldb.com · 2024-09-24

### Key Information 1. **Vulnerability ID**: - VDB-278268 - CVE-2024-9090 2. **Vulnerability Name**: - SourceCodester Modern Loan Management System 1.0 Search_member.php SearchMember SQL Injection 3. …

scitokens Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-02

## Vulnerability Overview **Path Traversal Vulnerability**: The scitokens library fails to properly validate and normalize paths in token scopes. Attackers can construct malicious tokens containing `.…

Bundler CVE-2016-7954 Arbitrary Code Injection via Gemfile Sources
collectiveidea.com · 2025-11-20

### Key Information #### Vulnerability Overview - **CVE ID**: CVE-2016-7954 - **Affected Scope**: All stable versions of Bundler - **Vulnerability Description**: Attackers can inject arbitrary code th…

Analysis of Potential Vulnerabilities in WebAssembly Store Memory Management and Async Execution
docs.rs · 2026-02-25

### Critical Vulnerability Information #### 1. **Store Management** - **Store Lifetime Issues**: The `Store` struct is intended as a short-lived object, but it holds references to long-lived objects l…

Langflow CVE-2025-34291: Account Takeover and RCE via CORS Misconfiguration
www.obsidiansecurity.com · 2025-12-06

### CVE-2025-34291: Critical Account Takeover and RCE Vulnerability in the Langflow AI Agent & Workflow Platform #### Executive Summary - **Vulnerability Chain in Langflow**: A critical vulnerability …

icAnsToUrt08 Heap Buffer Overflow Vulnerability (CVSS 9.8) and Patch Details
github.com · 2026-04-02

### Vulnerability Summary **Vulnerability Name:** HBO in icAnsToUrt08 (Heap Buffer Overflow) **Summary:** * **Type:** Heap Buffer Overflow (HBO) and Remote Code Execution (RCE). * **Description:** Thi…

AlchemyCMS Authenticated RCE via Eval Injection (CVE-2026-23885)
github.com · 2026-01-20

### Vulnerability Overview - **Vulnerability Type**: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper - **Severity**: Moderate (6.6/10) - **Affected Versions**: 7.4.11, …

SUSE inst-source-utils Local Privilege Escalation (CVE-2012-0427) Advisory
support.novell.com · 2025-11-20

### Key Information #### Upstream Information - **CVE ID**: CVE-2012-0427 - **Description**: yast2-add-on-creator in SUSE inst-source-utils version 2008.11.26 (prior to 2008.11.26-0.9.1 and 2012.9.13-…

CVE-2024-5324: Vulnerability in WordPress WooCommerce Plugins and Patch Details
www.wordfence.com · 2025-11-07

### Key Information - **CVE:** CVE-2024-5324 - **CVSS:** 8.8 (High) - **Public Release Date:** June 5, 2024 - **Last Updated:** July 15, 2024 - **Researcher:** 1337_Wannabe - home - **Affected Softwar…

WordPress DearFlip Reflected XSS Vulnerability (CVE-2024-8717) Advisory
www.wordfence.com · 2024-10-26

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Name**: PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer - DearFlip <= 2.3.32 - Reflected …

VMware VMCI use-after-free fix in vmci_resource_remove
git.kernel.org · 2024-09-19

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Title**: VMCI: Fix use-after-free when removing resource in v…

flatpak-builder CVE-2026-39977 Path Traversal Arbitrary File Read Vulnerability with PoC
github.com · 2026-04-10

### Vulnerability Overview * **CVE ID**: CVE-2026-39977 * **Title**: Path traversal leading to arbitrary file read on host when installing licence files * **Severity**: High * **Description**: flatpak…

CVE-2026-26220: Unauthenticated RCE via Pickle Deserialization in LightLLM
github.com · 2026-02-21

# CVE-2026-26220: Unauthenticated RCE via Pickle Deserialization in PD WebSocket Endpoints ## Summary - **CVE**: CVE-2026-26220 - **CVSS 4.0**: 9.3 Critical (AV:N/AC:L/AT:N/PR:N/UI:N/N:VC:H/VI:H/VA:H/…

Personnel Record Management System SQL Injection Vulnerability and Auth Bypass POC
github.com · 2026-04-06

# Personnel Record Management System SQL Injection Vulnerability ## Vulnerability Overview | Item | Content | |:---|:---| | **Vulnerability Name** | Personnel Record Management System SQL Injection Vu…

ManageEngine Password Manager Pro 8.1 SQL Injection Vulnerability
seclists.org · 2025-11-07

- **Vulnerability**: ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability - **Author**: Blazej Adamczyk - **Date**: 2015-06-30 - **Vendor**: ManageEngine - **Link**: [Link to Download Sit…

Fix: Tool name normalization and conflict detection in media transfer
github.com · 2026-04-21

### Vulnerability Overview This vulnerability involves improper normalization of tool names during the tool media delivery process, leading to potential security risks. Specific manifestations include…

The Rat CMS Pre-Alpha 2 SQL Injection and XSS Vulnerabilities (CVE-2008-5163/5164)
securityreason.com · 2025-11-11

### Critical Vulnerability Information - **Vulnerability Description** - **Type**: SQL Injection and Cross-Site Scripting (XSS) - **Application**: The Rat CMS - **Version**: Pre-Alpha 2 - **Vulnerabil…

Path Traversal Vulnerability Fix in LocalFolderExtractor
github.com · 2026-04-21

# Vulnerability Summary ## Vulnerability Overview In the `LocalFolderExtractor` class, there is a path traversal vulnerability during file extraction. An attacker can craft malicious paths to cause fi…

itsourcecode Payroll Management System Stored XSS via page parameter
github.com · 2026-04-02

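# itsourcecode Payroll Management System XSS Vulnerability Report #5 ### Vulnerability Overview * **Product Name:** Payroll Management System * **Vulnerability Type:** Cross-site Scripting (XSS) * **Description:** An XSS vulnerability was identified in the Payroll System admin panel. An attacker can, via `pa…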


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.