Aggregator

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. This vulnerability affects unknown code of the component usb. Executing a manipulation of the argument num_connectors can lead to state issue. This vulnerability is registered as CVE-2025-71108. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. The affected element is the function inline_xattr_slab of the file mm/slab_common.c of the component f2fs. This manipulation causes improper update of reference count. This vulnerability appears as CVE-2025-71105. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.18.2/6.19-rc1 and classified as critical. This affects the function defer_free. Performing a manipulation results in use after free. This vulnerability is known as CVE-2025-71110. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

Обнаружил. Сопроводил. Атаковал. Уничтожил.

Threat Actor Auctioning WordPress Admin Access to Spanish E-Commerce Site With REDSYS Payment Gateway and ~1,200 Monthly Card Orders

本文收集了软件安全赛2026线上初赛全部题的wp

A vulnerability described as critical has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. This vulnerability is listed as CVE-2026-5104. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability marked as critical has been reported in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes command injection. This vulnerability is tracked as CVE-2026-5103. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability identified as critical has been detected in wpchill Download Monitor Plugin up to 5.1.7 on WordPress. Impacted is the function executePayment. This manipulation causes authorization bypass. The identification of this vulnerability is CVE-2026-3124. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as critical has been found in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qos_up_bw results in command injection. This vulnerability is identified as CVE-2026-5102. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability, which was classified as problematic, was found in Yokogawa Electric CENTUM VP up to R5.04.20/R6.12.00/R7.01.00. This impacts an unknown function. The manipulation results in use of hard-coded password. This vulnerability is reported as CVE-2025-7741. The attack requires a local approach. No exploit exists. You should upgrade the affected component.

Теперь за безопасность отвечает функция, умеющая вовремя распознать чужую ловушку.

总结来说，Auto Login Skill 不只是一个自动化工具，它更是一种 AI 技能在网络安全领域的落地实践。 从自动识别系统到智能纠错，再到多技能联动，它展示了 AI 在渗透测试等网络安全任务中的巨大潜力（还比如钓鱼很多场景提效）。

近日，知名大模型网关工具 LiteLLM 遭遇供应链投毒，其 1.82.7和1.82.8 版本被植入恶意代码。由于该项目月下载量极高(近1亿月下载量)，且被 DSPy 等众多主流…

A vulnerability classified as critical was found in Oracle Primavera Unifier 18.8/19.12/20.12/21.12. This impacts an unknown function of the component User Interface. Such manipulation leads to path traversal. This vulnerability is traded as CVE-2022-23457. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as very critical has been found in Oracle Financial Services Analytical Applications Infrastructure up to 8.1.0.0/8.1.1.0/8.1.2.0/8.1.2.1. Affected by this vulnerability is an unknown functionality of the component Others. Performing a manipulation results in path traversal. This vulnerability is reported as CVE-2022-23457. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in ESAPI up to 2.2.x. It has been classified as critical. Impacted is the function Validator.getValidDirectoryPath. This manipulation causes path traversal. This vulnerability is handled as CVE-2022-23457. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Oracle WebLogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0. It has been classified as very critical. This affects an unknown function of the component Centralized Third Party Jars. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2022-23457. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

skill介绍、skill使用、开发属于自己的skill。