Aggregator

A vulnerability marked as critical has been reported in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This issue affects some unknown processing of the file /description.php. This manipulation of the argument ID causes sql injection. This vulnerability appears as CVE-2025-12327. The attack may be initiated remotely. In addition, an exploit is available. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as critical has been found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. This vulnerability is reported as CVE-2025-12326. The attack can be launched remotely. Moreover, an exploit is present. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Hessian2反序列化

快速部署扫描环境集群，加快打点速度

该文章主要介绍了CodeQL中关于污点跟踪源点（source）的实现逻辑，特别是针对Java扫描套件中的实现。

继CVE-30065和46762之后升级到Apache Parquet 1.15.2版本，如果存在"specific" 或 "reflect" 模型读取Parquet 文件的代码，仍然存在危险。

9月17日，用友安全中心发布了U8cloud所有版本IPFxxFileService任意文件上传漏洞的安全公告，全部版本存在任意文件上传漏洞，进而可以上传webshell控制系统权限。本文对该漏洞进行了分析和复现。

Cyber insurance is no longer just a safety net; it’s a catalyst for change. With premiums climbing and coverage shrinking, insurers are forcing organizations to modernize security operations, embrace AI-driven risk quantification, and tighten governance. Here’s how forward-looking leaders are turning insurance pain into long-term resilience. 

The post The Cyber Insurance Crunch: Turning Rising Premiums Into Security Wins  appeared first on Security Boulevard.

A vulnerability identified as critical has been detected in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/forgot-password.php. The manipulation of the argument email leads to sql injection. This vulnerability is documented as CVE-2025-12325. The attack can be initiated remotely. Additionally, an exploit exists.

本文通过逆向分析某App，解析x-bili-trace-id、Authorization及key等核心请求参数的生成机制，结合Jadx静态分析与Frida动态Hook技术，揭示其加密逻辑。

唯一一个困难pwn题，难是真难，为期2天的比赛总共只有11只队伍解出，该题是glibc-2.41下的题目，总共3个难点：如何绕过图像校验？如何在受限情况下进行堆利用？受限情况下如何劫持执行流？对于前半，本文将介绍完整的深入分析复杂流程的过程，对于后半，本文将结合glibc2.41源码来介绍fastbin+tcachebin的组合利用技巧，和exit中攻击向量。

N1CTF Junior re pyramid

Wordfence says threat actors are trying to exploit three critical vulnerabilities from 2024

汉化与免杀处理

面向开发者、AI工程师及技术决策者开放
除主论坛（大模型、物理 AI、机器人）和三大技术分论坛外，还将开放免费 NVIDIA Certified Associate（NCA）级别认证考试，常规费用960 元，参与本次活动将全额免除。
开放科目（三选一）： NCA-GENL：生成式 AI / 大语言模型开发 NCA-GENM：多模态生成式 AI（文本/图像/音频） NCA-AIIO：AI 基础设施与运维
名额有限，仅100个免费席位，抓紧报名
报名地址：https://developer.nvidia.cn/developer-day?ncid=pa-so-zdn-510609-vt16

大型语言模型安全；对抗性机器学习

通过一次比赛来初识内容安全

大模型部署安全建设指南

项目地址 https://github.com/DERE-ad2001/Frida-Labs

先知防再学攻。本篇文章针对OLLVM进行详细解析，旨在让读者在逆向过程中遇到此类情形不会迷茫。后续会针对此类问题提出相应的解决方案。