Security Intel Hub 673— Search: RCE

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Order Notification for WooCommerce Unauthenticated Access Vulnerability with POC
wpscan.com · 2026-04-02

### Vulnerability Overview This vulnerability exists in the **Order Notification for WooCommerce** plugin. The plugin incorrectly overrides WooCommerce's permission check mechanism, allowing attackers…

FreeScout CVE-2026-27636 Authenticated RCE via .htaccess File Upload
github.com · 2026-02-25

# Critical Vulnerability Information ## Vulnerability Overview The file upload restriction list in FreeScout does not include `.htaccess` and `.user.ini` files. On Apache servers configured with `Allo…

CVE-2026-2983: File Access Control Vulnerability in SourceCodester Student Result Management System
vuldb.com · 2026-02-23

### Key Information - **Vulnerability ID**: CVE-2026-2983, VDB-347366, GCVE-100-347366 - **System**: SourceCodester Student Result Management System 1.0 - **File Path**: /admin/core/import_users.php -…

MCMS 6.1.1 Template Upload Conditional Race Condition RCE
github.com · 2026-02-21

**Vulnerability Summary:** - **Vulnerability ID:** #11 - **Product:** MCMS (Mingfei CMS) - **Affected Version:** 6.1.1 - **Vulnerability Type:** Conditional Flaw (Conditional Competition) - **Risk Lev…

IoT Devices CVE Summary: RCE, XSS, SQLi, Supply Chain
chocapikk.com · 2026-02-21

### Vulnerability Key Information Summary #### 1. Vulnerability Type and Description - **CVE-2023-50917: Console Eval RCE** - Type: Remote Code Execution (RCE) - Cause: Unauthorized users can exploit …

Zarinpal WooCommerce Plugin Improper Access Control Vulnerability (CVE-2026-2592)
www.wordfence.com · 2026-02-21

## Critical Vulnerability Information ### Vulnerability Summary - **CVE**: CVE-2026-2592 - **CVSS**: 7.7 (High) - **CVSS V3 Rating**: 3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H ### Description The Zarinp…

Milvus CVE-2026-26190: Unauth Access on Port 9091 Leads to RCE
github.com · 2026-02-21

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise - **Severity**: Critica…

Vulnerability Report: RCE, IDOR, Broken Access Control, XSS
github.com · 2026-02-09

## Vulnerability Summary ### 1. Vulnerability Types - **RCE (Remote Code Execution)**: Allows attackers to upload malicious files and execute arbitrary code. - **IDOR (Insecure Direct Object Reference…

SourceCodester Gas Agency Management System 1.0 Improper Access Control Vulnerability (CVE-2026-2009)
vuldb.com · 2026-02-06

- **Vulnerability ID:** VDB-344591 (CVE-2026-2009) - **Affected Product:** SourceCodester Gas Agency Management System 1.0 - **Vulnerability Type:** Access Control - **CVSS Score:** 5.7 - **Exploit Pr…

SourceCodester Gas Agency Management System 1.0 Improper Access Control
vuldb.com · 2026-02-06

- **Title**: SourceCodester Gas Agency Management System 1.0 Improper Access Controls - **Description**: The SourceCodester Gas Agency Management System contains an improper access control vulnerabili…

NVIDIA GeForce HD Audio Driver NULL Pointer Dereference Vulnerability (CVE-2025-33237)
www.cve.org · 2026-01-29

### Key Information - **CVE ID**: CVE-2025-33237 - **Release Date**: 2026-01-28 - **Update Date**: 2026-01-28 - **CNA**: Nvidia Corporation - **Vulnerability Description**: A vulnerability exists in t…

SourceCodester Medical Certificate Generator CSRF Vulnerability (CVE-2026-1745) with PoC
github.com · 2026-02-02

## CVE-2026-1745 - Cross-Site Request Forgery (CSRF) - Arbitrary Medical Certificate Deletion ### Product Information - **Product Name**: SourceCodester Medical Certificate Generator Application - **V…

vLLM CVE-2026-22778 Critical RCE via Video Processing
github.com · 2026-02-03

### Key Information #### Vulnerability Overview - **Title**: vLLM RCE in Video Processing - **CVE ID**: CVE-2026-22778 - **Severity**: Critical (CVSS: 9.8/10) - **Affected Versions**: >= 0.8.3, = 0.8.…

Sangfor OSM Unauthenticated RCE via getHis Interface (CVE)
github.com · 2026-01-20

### Key Information Summary #### Vulnerability Overview - **CVE**: Unauthenticated Remote Command Execution (RCE) in Sangfor OSM via getHis Interface - **Product**: Sangfor (深信服) - **Product Name**: O…

GoSign Desktop TLS Certificate Verification Bypass and RCE Vulnerability Analysis
securityaffairs.com · 2025-11-18

## Vulnerability Key Information ### Vulnerability Overview - **Software**: GoSign Desktop - **Version**: 2.4.0 (Windows, Linux, macOS) - **Discovery Date**: November 2025 ### Vulnerability Details ##…

tvOS 16 Security Update: Kernel Privilege Escalation and Accelerate Framework RCE Fixes
support.apple.com · 2025-11-14

### Key Information about tvOS 16 Vulnerabilities **Release Date**: September 12, 2022 #### Vulnerability Details - **Accelerate Framework** - **Impact**: Processing maliciously crafted images may lea…

InHand Networks InRouter Vulnerability Advisory: RCE, Command Injection, and Improper Access Control
www.cisa.gov · 2025-11-13

- **CVSS v3 Score:** 10.0 - **Attention:** Exploitable remotely/low attack complexity - **Vendor:** InHand Networks - **Equipment:** InRouter302, InRouter615 - **Vulnerabilities:** - Clear Text Transm…

Human Resource Information System 1.0 login_process.php SQL Injection
vuldb.com · 2025-11-14

### Key Information - **Title**: https://www.sourcecodester.com Human Resource Information System 1.0 SQL Injection - **Description**: - SQL injection vulnerability in the `initialize/login_process.ph…

CA Total Defense Suite DeleteReports Stored Procedure SQL Injection Leads to RCE (CVE-2011-1653)
www.zerodayinitiative.com · 2025-11-11

- **Date**: April 13th, 2011 - **ID (ZDI)**: - ZDI-11-133 - ZDI-CAN-1043 - **CVE ID**: CVE-2011-1653 - **CVSS Score**: 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C - **Affected Vendors**: CA - **Affected Prod…

KERUI K259 Camera TF Card Physical Access RCE via update.nor.sh
gist.github.com · 2025-11-11

## Vulnerability Key Information ### Summary KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability located in the boot/update logic. During start…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.