Aggregator

基于 Vue + SpringBoot 构建的前后端分离的 Java 安全靶场，正式开源分享，内容丰富、持续更新、欢迎体验。

漏洞描述CAI 是一个人工智能安全的框架。在包括0.5.10版本及之前的版本中，CAI 框架的函数工具中包含多个参数注入漏洞。用户控制的输入通过“subprocess”直接传递给shell命令。Popen（）' 带有 'shell=True'，允许攻击者在主机系统上执行任意命令​漏洞影响评分：9.7版本：<=0.5.10漏洞分析攻击者创建一个看似正常的网络安全博客页面，将恶意指令隐藏在HTM

DeepChat FilePresenter 组件未校验路径参数，导致通过 ../ 路径遍历可读写 userData 目录外任意文件，包括明文存储的 API 密钥。

Специалисты Google зафиксировали рост числа попыток кражи «мозгов» ИИ-моделей.

本届 LilacCTF 2026由XCTF联赛的合作单位哈尔滨工业大学 Lilac 战队组织，由赛宁网安提供技术支持。作为第十届XCTF国际联赛的分站赛，本次比赛将采用在线网络安全夺旗挑战赛的形式，面向全球开放

本文章主要记录cyberstrikelab的lab15打靶过程

本文通过 IDA 反汇编代码与 GDB 调试深度分析了 Cpp 常见 STL 容器的底层结构，结合长城杯的一道例题重点利用了 unordered_map 容器的特性进行了漏洞攻击

MHT：时间在流动！时间在流动！在跳舞！木大木大木大木大木大！

Pragyan CTF 2026 解题思路分享。比赛于北京时间2月8日21点结束，以下是我在两天内独立完成的部分题目的详解。

内容管理系统的完整审计过程

瀑布内容管理系统 是一款基于Java技术栈开发的企业级内容管理平台。

Nullbyte渗透靶场精讲，涉及信息收集，Hydra表单暴力破解，John md5哈希暴力破解，SQL注入多种利用，suid可执行文件利用提权，值得研究和学习。

复现最新的漏洞Dokploy RCE (CVE-2026-24841)

Accel-Led Funding Round Fuels AI-Native Detection and Response
Vega raised $120 million led by Accel to expand its AI-native security operations platform. The funding will boost product development and global go-to-market efforts as enterprises seek faster threat detection, broader analytics and support for complex multi-cloud and on-premises environments.

A vulnerability categorized as problematic has been discovered in Wix Web Application. This vulnerability affects unknown code of the component SVG Image Parser. Executing a manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2026-2276. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in SolaX Power Pocket WiFi 3.0, Pocket WiFi+LAN, Pocket WiFi+4GM, Pocket WiFi+LAN 2.0 and Pocket WiFi 4.0 prior 3.022.03. It has been rated as problematic. This affects an unknown part of the component Firmware Update Handler. Performing a manipulation results in download of code without integrity check. This vulnerability is known as CVE-2025-15575. The attack may be carried out on the physical device. No exploit is available.

A vulnerability was found in SolaX Power Pocket WiFi 3.0, Pocket WiFi+LAN, Pocket WiFi+4GM, Pocket WiFi+LAN 2.0 and Pocket WiFi 4.0 prior 3.022.03. It has been declared as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. Such manipulation leads to insufficiently random values. This vulnerability is traded as CVE-2025-15574. The attack can be executed directly on the physical device. There is no exploit available.

A vulnerability was found in SolaX Power Pocket WiFi 3.0, Pocket WiFi+LAN, Pocket WiFi+4GM, Pocket WiFi+LAN 2.0 and Pocket WiFi 4.0. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the component MQTT Handler. This manipulation causes improper certificate validation. This vulnerability appears as CVE-2025-15573. The attack may be initiated remotely. There is no available exploit.

根据发表在《Current Biology》期刊上的一项研究，人类和其它动物的总能量消耗受到限制。这种能量支出模型被称为约束模型，约束模型认为人体的总能量预算是有限的，并会努力维持在一个相对稳定的区间内。当我们通过体育锻炼显著增加能量输出时，身体会悄悄减少其他方面的能量开支进行补偿，例如降低基础代谢率、睡眠时代谢率或减少用于细胞修复、免疫等内部生理活动的能量。研究人员认为，约束模型可能源于远古祖先的生存策略：在食物不稳定的时代，过度消耗能量会危及生命，因此身体进化出总能量控制系统，确保总支出稳定在安全区间。这解释了为什么现代人即使每天多跑几公里，体重减轻也往往缓慢。