Aggregator

A vulnerability was found in md2roff 1.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2022-34913. Access to the local network is required for this attack to succeed. There is no exploit available. The real existence of this vulnerability is still doubted at the moment.

A vulnerability was found in Apache JetSpeed. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to server-side request forgery. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2022-32533. The attack may be initiated remotely. There is no exploit available. It is recommended to change the configuration settings.

A vulnerability classified as problematic has been found in Zabbix up to 5.0.24. Affected is an unknown function of the component Discovery Page. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2022-35229. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Google Chrome and classified as critical. Affected by this vulnerability is an unknown functionality of the component WebRTC. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2022-2294. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome and classified as critical. Affected by this issue is some unknown functionality of the component HTML. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2025-4096. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as critical. This affects an unknown part of the component DevTools. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-4050. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been declared as critical. This vulnerability affects unknown code of the component DevTools. The manipulation leads to improper input validation. This vulnerability was named CVE-2025-4051. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been rated as critical. This issue affects some unknown processing of the component DevTools. The manipulation leads to Remote Code Execution. The identification of this vulnerability is CVE-2025-4052. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Zabbix up to 5.0.24. Affected by this issue is some unknown functionality of the component Link Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2022-35230. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Magnolia CMS 6.2.19. It has been rated as problematic. This issue affects some unknown processing of the component Edit Contact Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2022-33098. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Microsoft Edge. This vulnerability affects unknown code of the component WebRTC. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2022-2294. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in MPlayer 1.5/2.c. Affected by this issue is some unknown functionality of the file libvo/vo_v4l2.c of the component File Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-32317. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Grafana up to 8.3.9/8.4.9/8.5.8/9.0.2. It has been classified as problematic. This affects an unknown part of the component Unified Alerting. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-31097. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Base64题目描述：如题 flag格式为HZNUCTF{}给ai写的HZNUCTF{ad162c-2d94-434d-9222-b65dc76a3最后加个2}2是手动爆的蛇年的本命语言题目描述：如题...flag的格式为HZNUCTF{}pyinstxtractor加uncompyle6组合拳得到源码解z3注意到显然是以字符＋字频格式排列的，共36个字符111111116257645365477

在当今的企业网络安全体系中，Active Directory（AD）扮演着至关重要的角色。它不仅是用户身份认证与权限控制的中枢神经，更是整个内网架构运作的基础。而其中最核心的组件——ntds.dit 数据库文件，则记录着整个域环境中的账号、组关系、密码哈希等关键数据。

/

剪枝相关原理和脚本

最近通过Fake CAPTCHA传播各种恶意软件的攻击活动非常频繁，详细分析通过Fake CAPTCHA传播XWorm RAT远控样本整个攻击链过程。

介绍2025国赛暨长城杯零解题目AWDP-TimeCapsule的完整题解，包括Fix和完整的Break过程

在渗透测试和高级对抗技术中， 父进程欺骗就是一种经典的进程伪装手段，能够使恶意进程在被监控时看起来是由合法的系统进程，比如 由 TrustedInstaller.exe 或 explorer.exe 启动，从而绕过基于行为的安全检测与防御系统。