Aggregator

A vulnerability classified as very critical was found in Microsoft Windows. This impacts an unknown function of the component CNG Key Isolation Service. Executing manipulation can lead to out-of-bounds write. This vulnerability appears as CVE-2022-41125. The attack may be performed from remote. In addition, an exploit is available. A patch should be applied to remediate this issue.

A vulnerability was found in Kingsoft WPS Office up to 12.2.0.13489 on Windows and classified as critical. This issue affects some unknown processing of the file promecefpluginhost.exe of the component Hyperlink Handler. The manipulation results in path traversal. This vulnerability is known as CVE-2024-7262. Attacking locally is a requirement. Furthermore, an exploit is available.

A vulnerability was found in Versa Director and classified as critical. This vulnerability affects unknown code of the component Change Favicon Option. Executing manipulation can lead to improper access controls. This vulnerability appears as CVE-2024-39717. The attack may be performed from remote. In addition, an exploit is available. It is suggested to upgrade the affected component.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws […]

分享阿里AI安全挑战赛三赛道实战经验，深入剖析大模型推理攻防、业务漏洞挖掘与安全产品绕过技术。

The Akira ransomware group claims to have stolen 23GB of data from Apache OpenOffice, including employee and financial records, though the breach remains unverified.

本文深入探讨四种主流C2通信协议的技术实现与流量伪装策略，涵盖HTTPS加密传输、mTLS双向认证、WebSocket全双工通信及DNS隧道隐蔽控制，结合Go语言实例分析其对抗检测机制。

Go语言作为云原生时代的主流编程语言，其应用范围已覆盖容器编排、微服务架构、区块链平台等关键基础设施。随着Go项目在生产环境中的广泛部署，针对Go代码的安全测试需求愈发迫切。传统的AFL、libFuzzer等模糊测试工具主要针对C/C++项目设计，无法直接应用于Go语言生态。 本文系统分析Go语言模糊测试的技术演进路径，从第三方工具go-fuzz到官方工具链go test -fuzz的完整技术方

这篇文章开始给师傅们演示了下资产收集的过程，从对一个目标站点的信息收集再到对该资产站点的渗透测试，给师傅们分享了几个RCE漏洞的过程，还有之前一个前台SQL注入的案例，包括后面利用JS接口文档，找到对应的阿里云AK/SK泄露，再利用CF进行root权限接管，还有就是JWT爆破相关导致未授权的漏洞，最后面给师傅们分享下隐私合约的漏洞。

大华智慧园区综合管理平台审计

开放签电子签章系统审计

OpenAI confirmed that it shipped an update on October 5, which allows GPT-5 to better handle sensitive conversations, especially when a user is experiencing emotional or mental distress. [...]

最近，spring cloud getway 又出了一个10.0分的 SpEL漏洞 这个漏洞和之前的CVE-2022-22947漏洞一样 依然是在热更新路由时触发表达式执行 之前的漏洞不是已经修复的非常完美了吗，为什么还能继续利用呢？

原域名已变更且将在2024年彻底废弃，请访问 https://govuln.com/news/ 查看新的RSS订阅