Aggregator

nothing做着道题目实在是有点意思了，一开始以为这道题和2025DASCTF上半年，盛夏启幕火热竞技的一道题很像，准备打非预期爆出来，但显然出题人做了一些限制手段。简析题目恶心点在于，写入的太小了！！！啥都不知道。问了一下出题人的思路haha，没咋看懂，没用到它的思路，我没用到magic gadgets~~~大致思路首先肯定要栈迁移，然后再bss段上进行start函数，那么栈帧管理就在bss段

Самый полный скелет древнего предка показал, что 2 миллиона лет назад «первые люди» все еще жили на деревьях.

A vulnerability was found in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. It has been classified as critical. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the component SVG File Handler. The manipulation of the argument File leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2026-1126. The attack is possible to be carried out remotely. Moreover, an exploit is present. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in D-Link DIR-823X 250416 and classified as critical. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable can lead to command injection. This vulnerability is handled as CVE-2026-1125. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in Yonyou KSOA 9.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. This vulnerability is known as CVE-2026-1124. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/work_mod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2026-1123. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. This vulnerability appears as CVE-2026-1122. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2026-1121. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2026-1120. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #735122 / VDB-341718

Submit #734966 / VDB-341717

Submit #734551 / VDB-341716

Submit #734550 / VDB-341715

Submit #734549 / VDB-341714

Submit #734548 / VDB-341713

Submit #734535 / VDB-341712

A vulnerability described as critical has been identified in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. This vulnerability is registered as CVE-2026-1119. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability marked as critical has been reported in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. This vulnerability is cataloged as CVE-2026-1118. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Police in Ukraine and Germany identified Black Basta suspects and issued an international wanted notice for the group’s alleged Russian leader. Ukrainian and German police raided homes linked to alleged Black Basta ransomware members, identifying two Ukrainian suspects. Law enforcement also issued an international wanted notice for the group’s alleged Russian ringleader. “The Office of […]

Submit #734290 / VDB-341711