
Security Intel Hub 673 — Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2025-61454: Reflected XSS in Ecommerce 1.0 search.php
github.com · 2025-10-20

### Key Information Summary #### Vulnerability Overview - **CVE ID**: CVE-2025-61454 - **Disclosure Date**: October 13, 2025 - **Severity**: MEDIUM (CVSS v3.1 Score: 6.1) - **Vulnerability Type**: Ref…

Pre-Auth RCE in ChurchCRM <=5.18.0 Setup Wizard via Unsafe String Replacement
github.com · 2025-10-19

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Pre-authentication Remote Code Execution (RCE) - **Affected Product**: ChurchCRM versions getParsedBody(); // Lines 40-45: Dir…

SourceCodester Eye Clinic Management System V1.0 SQL Injection in search_index_Diagnosis.php
vuldb.com · 2025-09-02

### Key Information - **Vulnerability Title**: SourceCodester Eye Clinic Management System V1.0 SQL Injection - **Description**: - During a security review of "Eye Clinic Management System in PHP With…

LLaMA Factory WebUI RCE via torch.load in Checkpoint Path (<=0.9.3)
github.com · 2025-07-06

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Remote Code Execution (RCE) - **Affected Versions**: <=0.9.3 - **Fixed Version**: 0.9.4 - **Severity**: High (CVSS v3.1: 8.3/1…

Linux Kernel Crash Fix: CONFIG_FORCE_NR_CPUS=y nr_cpu_ids Mismatch in RCU Tasks
git.kernel.org · 2024-10-24

From this webpage screenshot, we can extract the following key information about the vulnerability: 1. **Vulnerability Description**: - **Issue Description**: For kernels compiled with `CONFIG_FORCE_N…

Cisco FTD Snort 3 Detection Engine Bypass Vulnerability (CVE-2024-20407)
sec.cloudapps.cisco.com · 2024-10-26

### Key Information 1. **Vulnerability Description**: - **Vulnerability Name**: Cisco Firepower Threat Defense Software TCP Snort 3 Detection Engine Bypass Vulnerability - **Vulnerability ID**: cisco-…

Tencent FaceDetection-DSFD Deserialization RCE Vulnerability (CVE-2025-13715)
www.zerodayinitiative.com · 2025-12-29

### Vulnerability Key Information - **Title**: - Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability - **ID**: - ZDI-25-1183 - ZDI-CAN-27197 - **CVE…

CVE-2010-0821: Microsoft Office Excel SxView Record Parsing RCE Vulnerability
www.zerodayinitiative.com · 2025-11-07

- **Advisory ID**: ZDI-10-104 - **CVE ID**: CVE-2010-0821 - **CVSS Score**: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) - **Affected Vendor**: Microsoft - **Affected Product**: Office Excel - **Vulnerability Ty…

CVE-502: RCE via Unsafe Pickle Deserialization in Async Inference Pipeline
github.com · 2026-04-24

# Vulnerability Summary ## Overview - **Vulnerability ID**: CVE-502 (Deserialization of Untrusted Data) - **Description**: In the asynchronous inference pipeline, there exist unsafe calls to `pickle.l…

Atlassian April 2026 Security Bulletin: 31 High/Critical CVEs including RCE in Confluence
confluence.atlassian.com · 2026-04-22

# Atlassian Security Bulletin Summary – April 21, 2026 ## Vulnerability Overview This security bulletin includes **31 high-severity vulnerabilities** and **7 critical vulnerabilities**, affecting mult…

Composer CVE-2024-45261 Command Injection via Perforce Source Reference
github.com · 2026-04-18

# Vulnerability Overview **Title**: Command injection via malicious Perforce source reference/url **CVE ID**: CVE-2024-45261 **Severity**: High (8.8 / 10) **Description**: Composer has a command injec…

LangChain langchain-core Prompt Template Attribute Access Vulnerability Leading to RCE and Fix
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** A security vulnerability exists in the Prompt Template component of the LangChain core library (`langchain-core`). Attackers can access high-risk P…

SourceCodester Online Food Ordering System v1.0 Business Logic Flaw: Negative Price Input Validation Bypass
github.com · 2026-04-09

### Vulnerability Overview * **Vulnerability Type**: Business Logic Error / Improper Input Validation * **Vendor**: SourceCodester * **Product**: Online Food Ordering System * **Version**: 1.0 * **Aff…

Command Injection in stata_do Leading to RCE via subprocess shell=True
github.com · 2026-04-09

### Vulnerability Overview This vulnerability exists in the `stata_do` tool and is classified as a **Command Injection** vulnerability. * **Root Cause**: The server directly executes user-provided or …

cl4ms Fileeditor Auth Bypass and RCE via Unvalidated Path Access
github.com · 2026-04-09

# Fileeditor Authorization Bypass Vulnerability Summary ## Vulnerability Overview The Fileeditor controller defines a `$hiddenItems` array containing sensitive paths (e.g., `.env`, `composer.json`, `v…

SSTI to RCE in agent.py Text Processing Component via Jinja2
github.com · 2026-04-04

# Vulnerability Summary: Server-Side Template Injection (SSTI) in Agent "Text Processing" Component ## Vulnerability Overview * **Vulnerability Type**: Server-Side Template Injection (SSTI) leading to…

MB connect line mbCONNECT24 Multiple Vulnerabilities: RCE, SQLi, Unauth Access (CVE-2026-2813)
certvde.com · 2026-04-02

# MB connect line Multiple Vulnerabilities (VDE-2026-030) ### Summary Multiple vulnerabilities have been identified in **mbCONNECT24** and **mymbCONNECT24** products from MB connect line, potentially …

SourceCoderster/Mayuri_L 1.0 Access Control Bypass in ajax.php (CVE-2026-5330)
vuldb.com · 2026-04-02

### Vulnerability Key Information Summary **Vulnerability Name:** SourceCoderster/mayuri_l Best Courier Management System 1.0 User Delete AJAX.PHP? Action=Delete_User ID Access Control **CVE ID:** CVE…

Mbed TLS CVE-2026-34874 Null Pointer Dereference Leading to RCE
mbed-tls.readthedocs.io · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview | Item | Content | |:---|:---| | **CVE ID** | CVE-2026-34874 | | **Title** | Null pointer dereference when setting a distinguished n…

SQL Injection in WordPress ELEX WooCommerce Advanced Bulk Edit Plugin (CVE-2025-XXXX)
patchstack.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview | Item | Content | |:---|:---| | **Vulnerability Name** | WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attribute…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
