PEAKLIGHT: слоёный пирог из обфускации парализует защиту корпоративных сетей
Автоматизированная система заражения гибко подстраивается под любые механизмы безопасности.
Aggregator
Exploiting SSTI in a Modern Spring Boot Application (3.3.4)
2 months 4 weeks ago
WASP-166 b: планета-аномалия нарушает все законы формирования атмосфер
2 months 4 weeks ago
Астрономы ломают голову над формулой необычной газовой оболочки.
Self-changing Data Type - CVE-2024-40676 漏洞分析
2 months 4 weeks ago
error code: 521
Self-changing Data Type - CVE-2024-40676 漏洞分析
2 months 4 weeks ago
作者:canyie
原文链接:https://blog.canyie.top/2024/11/07/self-changing-data-type/
今年 10 月份的时候,Android 安全公告用 CVE-2024-40676 的编号公布了一个很奇怪的 patch。
AccountManagerService checkKeyIntent() 负责检查 account authent...
Everest
2 months 4 weeks ago
cohenido
RansomHub
2 months 4 weeks ago
cohenido
复旦白泽天梯多轮对话专项天梯结果出炉
2 months 4 weeks ago
【2025年多轮对话专项赛简况】本次赛集共包含100道测试问题集,围绕“犯罪行为”主题,每个问题集包含4-5个小问题,用于与大模型进行多轮交互。基于上述基准测试集,我们已对国内外32款知名商用大模型的
复旦白泽天梯多轮对话专项天梯结果出炉
2 months 4 weeks ago
首次!欧盟官方因违反数据保护法规向用户赔偿3000元
2 months 4 weeks ago
关注我们带你读懂网络安全欧盟法院首次因违反GDPR数据保护法规对欧盟官方处罚。前情回顾·网络安全事故赔偿因非法收集共享用户隐私数据,这家医疗公司赔偿超1.8亿元因泄露超23.5万患者数据,地方医疗机构
AI Agents越来越火,它可能存在一个严重安全隐患
2 months 4 weeks ago
关注我们带你读懂网络安全未来AI代理和老爷爷的共同点:都可能被网络钓鱼诈骗;如果AI代理真正实现大规模市场吸引力,它们可能会为身份管理市场带来棘手难题。前情回顾·新技术旧安全一句话让大模型聊天助手主动
首次!欧盟官方因违反数据保护法规向用户赔偿3000元
2 months 4 weeks ago
欧盟委员会向美国传输了受影响者的IP数据
AI Agents越来越火,它可能存在一个严重安全隐患
2 months 4 weeks ago
身份管理令人担忧
YAK-SSA,古希腊掌管PHP代码审计的神
2 months 4 weeks ago
之前的文章中曾为大家简单介绍过线上代码审计平台ssa.to今天牛牛就来为大家详细介绍一下如何用ssa进行PHP的代码审计tp封装的辅助参数,I/request方法thinkphp中的封装了请求对象,$
YAK-SSA,古希腊掌管PHP代码审计的神
2 months 4 weeks ago
之前的文章中曾为大家简单介绍过线上代码审计平台ssa,为大家详细介绍一下如何用ssa进行PHP的代码审计。
LDAPNightmare: эксплойт Windows оказался ловушкой для ИБ-специалистов
2 months 4 weeks ago
Обновления породили нового троянского коня для Microsoft.
CVE-2023-28120 | activesupport Gem on Ruby cross site scripting
2 months 4 weeks ago
A vulnerability classified as problematic has been found in activesupport Gem on Ruby. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2023-28120. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2023-27531 | Kredis Gem up to 1.3.0.0 on Ruby deserialization
2 months 4 weeks ago
A vulnerability has been found in Kredis Gem up to 1.3.0.0 on Ruby and classified as problematic. This vulnerability affects unknown code. The manipulation leads to deserialization.
This vulnerability was named CVE-2023-27531. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-28362 | actionpack Gem on Ruby redirect_to cross site scripting
2 months 4 weeks ago
A vulnerability was found in actionpack Gem on Ruby and classified as problematic. This issue affects the function redirect_to. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2023-28362. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-13238 | Drupal Typogrify up to 1.2.x cross site scripting (trib-2024-002)
2 months 4 weeks ago
A vulnerability, which was classified as problematic, has been found in Drupal Typogrify up to 1.2.x. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-13238. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com