Aggregator

来自山东大学网络空间安全学院教授、博士生导师刁文瑞老师以《移动生态安全探索：从系统漏洞到大规模测量》为主题，分享了其团队在移动与物联网安全领域的研究进展与成果。报告聚焦于移动操作系统漏洞挖掘与大规模移

全是干货

看雪论坛作者ID：time.time

该方法是在一个银狐家族的样本中发现的，通过构造RPC数据包并发送请求至对应的RPC服务，能够绕过多个终端安全软件对CreatServices、NrdClientCall3等3环函数的Hook，从而规避

数字化时代，系统漏洞如同隐形的威胁，潜伏在企业网络的每个角落。0day漏洞的发现与利用，已成为黑客攻击的主要手段，给企业安全带来巨大的威胁和挑战。我们特别推出了“系统0day安全”系列课程，本系列课程

A vulnerability was found in iTop VPN 16.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file \ProgramData\iTop VPN\Downloader\vpn6 of the component DLL Handler. The manipulation leads to uncontrolled search path. This vulnerability is handled as CVE-2024-53588. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Microsoft Windows up to Server 2019 and classified as critical. This issue affects some unknown processing of the component DWM Core Library. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-21304. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been rated as very critical. Affected by this issue is some unknown functionality of the component Reliable Multicast Transport Driver. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-21307. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Microsoft Windows. This affects an unknown part of the component Themes. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-21308. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Windows Server 2012 up to Server 2022 23H2. This vulnerability affects unknown code of the component Remote Desktop Services. The manipulation leads to sensitive data storage in improperly locked memory. This vulnerability was named CVE-2025-21309. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Microsoft Windows. This issue affects some unknown processing of the component Digital Media. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-21310. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as very critical, was found in Microsoft Windows 11 24H2/Server 2022 23H2/Server 2025. Affected is an unknown function of the component NTLM V1. The manipulation leads to incorrect implementation of authentication algorithm. This vulnerability is traded as CVE-2025-21311. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Smart Card Reader. The manipulation leads to uninitialized resource. This vulnerability is known as CVE-2025-21312. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in dotrex Power Ups for Elementor Plugin up to 1.2.2 on WordPress and classified as problematic. This vulnerability affects the function magic-button of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13548. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in hk1993 WP Contact Form7 Email Spam Blocker Plugin up to 1.0.0 on WordPress. This affects an unknown part. The manipulation of the argument post leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13467. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in qchantelnotice SEO Friendly Accordion FAQ with AI Assisted Content Generation Plugin up to 2.2.1 on WordPress. Affected by this issue is the function noticefaq of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-13458. The attack may be launched remotely. There is no exploit available.