Aggregator

3月│月报 谛听工控安全月报上线了，工信部的最新政策，3月发生的多起工控安全事件，谛听团队收集的最新攻击教据......更多安全资讯，请关注“谛听ditecting",每月更新!

Name: PlaidCTF 2025 (an PlaidCTF event.)
Date: April 4, 2025, 9 p.m. — 06 April 2025, 21:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://plaidctf.com/
Rating weight: 100.00
Event organizers: Plaid Parliament of Pwning

From quantum leaps to AI factories, GTC 2025 proved one thing: the future runs on secure foundations.

GreyNoise has observed a significant spike in exploitation attempts against TVT NVMS9000 DVRs. This information disclosure vulnerability can be used to gain administrative control over affected systems. 

Apache Tomcat 11.0.3 - Remote Code Execution

YesWiki 4.5.1 - Unauthenticated Path Traversal

XWiki Platform 15.10.10 - Remote Code Execution

基于云计算技术理念的超融合系统，帮助制造企业实现提质增效。

原红三军团政委，红一方面军副总政委，中央军委参谋长，八路军前方总部参谋长，铁道部部长，全国政协副主席

原红三军团政委，红一方面军副总政委，中央军委参谋长，八路军前方总部参谋长，铁道部部长，全国政协副主席

AI代码生成器正让初级开发者丧失批判思维，埋下安全合规隐患。

"安全工具泛滥反成隐患！CISO深陷平台疲劳，整合才是出路。"

OT（Oblivious Transfer）是一种在密码学协议中广泛应用的技术，确保信息的选择性传输而不暴露选择意图。在 CTF 竞赛中，OT 机制常用于密码学攻击，尤其是基于 RSA 的变体（OTRSA），本文将对OT的原理展开详细的解释并应用于CTF解题中

A vulnerability, which was classified as critical, was found in LNbits up to 0.12.12. This affects an unknown part of the component LNURL Authentication. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-32013. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Eclipse ThreadX up to 6.4.1. Affected by this issue is some unknown functionality of the component NetXDuo. The manipulation leads to integer underflow. This vulnerability is handled as CVE-2025-2258. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Eclipse ThreadX up to 6.4.1. Affected by this vulnerability is an unknown functionality of the component NetXDuo. The manipulation leads to incomplete cleanup. This vulnerability is known as CVE-2025-2260. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Eclipse ThreadX up to 6.4.1. Affected is an unknown function of the component NetXDuo. The manipulation leads to integer underflow. This vulnerability is traded as CVE-2025-2259. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Hex-Dragon PCL2 up to 2.9.2. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2025-31488. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenIDC mod_auth_openidc 2.4.15.2. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-31492. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.