通过做题快速建立逆向框架,理解逆向在其他不同方向的作用
逆向是一个核心技能,我们通过刷题,理解逆向在其他方向中的作用
Aggregator
SLH
2 months 1 week ago
You must login to view this content
cohenido
PyTorch 最新版本反序列化漏洞分析
2 months 1 week ago
PyTorch因torch.load硬编码weights_only=False,导致加载恶意.pt2文件可触发pickle任意代码执行。
Critical Telnet Server Flaw Exposes Forgotten Attack Surface
2 months 1 week ago
While telnet is considered obsolete, the network protocol is still used by hundreds of thousands of legacy systems and IoT devices for remote access.
Rob Wright
CVE-2026-1053 | Ivory Search Plugin up to 5.5.13 on WordPress Setting menu_gcse/nothing_found_text cross site scripting
2 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Ivory Search Plugin up to 5.5.13 on WordPress. This issue affects some unknown processing of the component Setting Handler. The manipulation of the argument menu_gcse/nothing_found_text leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2026-1053. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-68840 | iRobots.txt SEO Plugin up to 1.1.2 on WordPress cross site scripting
2 months 1 week ago
A vulnerability classified as problematic was found in iRobots.txt SEO Plugin up to 1.1.2 on WordPress. This vulnerability affects unknown code. Executing a manipulation can lead to cross site scripting.
This vulnerability is handled as CVE-2025-68840. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2025-68836 | Table of Contents Creator Plugin up to 1.6.4.1 on WordPress cross site scripting
2 months 1 week ago
A vulnerability classified as problematic has been found in Table of Contents Creator Plugin up to 1.6.4.1 on WordPress. This affects an unknown part. Performing a manipulation results in cross site scripting.
This vulnerability is known as CVE-2025-68836. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-68848 | amr cron manager Plugin up to 2.3 on WordPress cross site scripting
2 months 1 week ago
A vulnerability described as problematic has been identified in amr cron manager Plugin up to 2.3 on WordPress. Affected by this issue is some unknown functionality. Such manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-68848. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-69189 | JobBank Plugin up to 1.2.3 on WordPress authorization
2 months 1 week ago
A vulnerability marked as critical has been reported in JobBank Plugin up to 1.2.3 on WordPress. Affected by this vulnerability is an unknown functionality. This manipulation causes missing authorization.
This vulnerability appears as CVE-2025-69189. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-1381 | Order Minimum Maximum Amount Limits for WooCommerce Plugin Setting cross site scripting
2 months 1 week ago
A vulnerability labeled as problematic has been found in Order Minimum Maximum Amount Limits for WooCommerce Plugin up to 4.6.8 on WordPress. Affected is an unknown function of the component Setting Handler. The manipulation results in cross site scripting.
This vulnerability is reported as CVE-2026-1381. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2026-1054 | RegistrationMagic Plugin up to 6.0.7.4 on WordPress Setting rm_set_otp authorization
2 months 1 week ago
A vulnerability identified as problematic has been detected in RegistrationMagic Plugin up to 6.0.7.4 on WordPress. This impacts the function rm_set_otp of the component Setting Handler. The manipulation leads to missing authorization.
This vulnerability is documented as CVE-2026-1054. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-1389 | Document Embedder Plugin up to 2.0.4 on WordPress ID resource injection
2 months 1 week ago
A vulnerability categorized as problematic has been discovered in Document Embedder Plugin up to 2.0.4 on WordPress. This affects the function bplde_save_document_library/bplde_get_single/bplde_delete_document_library. Executing a manipulation of the argument ID can lead to improper control of resource identifiers.
This vulnerability is registered as CVE-2026-1389. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-1400 | AI Engine Plugin up to 3.3.2 on WordPress rest_helpers_update_media_metadata filename unrestricted upload
2 months 1 week ago
A vulnerability was found in AI Engine Plugin up to 3.3.2 on WordPress. It has been rated as critical. The impacted element is the function rest_helpers_update_media_metadata. Performing a manipulation of the argument filename results in unrestricted upload.
This vulnerability is cataloged as CVE-2026-1400. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-14988 | iba Systems ibaPDA 8.12.0 permission assignment (icsa-26-027-01)
2 months 1 week ago
A vulnerability was found in iba Systems ibaPDA 8.12.0. It has been declared as very critical. The affected element is an unknown function. Such manipulation leads to incorrect permission assignment.
This vulnerability is listed as CVE-2025-14988. The attack may be performed from remote. There is no available exploit.
vuldb.com
记一次EDU证书站挖掘
2 months 1 week ago
记一次EDU证书站挖掘,此次挖掘涉及到了两个站点信息的交互以及AI辅助生物识别的校验绕过,比较有意思,故分享
When Hospitals Go Dark and Browsers Turn Rogue
2 months 1 week ago
At 6:32 a.m., a hospital in Belgium pulled the plug on its own servers. Something was already inside the network, and no one could say how far it had spread. By mid-morning, scheduled procedures were canceled. Critical patients were transferred out with help from the Red Cross. Staff went back to paper. Emergency services ran at reduced […]
The post When Hospitals Go Dark and Browsers Turn Rogue appeared first on ColorTokens.
The post When Hospitals Go Dark and Browsers Turn Rogue appeared first on Security Boulevard.
Tanuj Mitra
CVE-2026-1506 | D-Link DIR-615 4.10 MAC Filter Configuration /adv_mac_filter.php mac os command injection
2 months 1 week ago
A vulnerability was found in D-Link DIR-615 4.10. It has been classified as critical. Impacted is an unknown function of the file /adv_mac_filter.php of the component MAC Filter Configuration. This manipulation of the argument mac causes os command injection. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is tracked as CVE-2026-1506. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com
CVE-2026-1505 | D-Link DIR-615 4.10 URL Filter /set_temp_nodes.php os command injection
2 months 1 week ago
A vulnerability was found in D-Link DIR-615 4.10 and classified as critical. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injection. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is identified as CVE-2026-1505. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com
OpenSSL security advisory (AV26-058)
2 months 1 week ago
Canadian Centre for Cyber Security
CVE-2025-12810 | Delinea Secret Server On-Prem 11.8.1/11.9.6/11.9.25 Password Rotation improper authentication
2 months 1 week ago
A vulnerability has been found in Delinea Secret Server On-Prem 11.8.1/11.9.6/11.9.25 and classified as critical. This vulnerability affects unknown code of the component Password Rotation Module. The manipulation leads to improper authentication.
This vulnerability is referenced as CVE-2025-12810. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
vuldb.com