Aggregator

仿真内网、内网渗透、横向移动、权限维持、多层代理、evasion

AI 原生应用运行时防护

本文分析帆软FineReport的channel接口反序列化漏洞（含TreeBag、ImmutableSetMultimap等多条利用链）、FineVis插件任意文件写入漏洞，并列举V8/V9老版本历史漏洞。

在`nf_tables`架构中，内核允许用户自定义设置过滤规则，用户可以通过设定规则来决定数据包的处理方式（这个处理方式由`verdicts code`决定），而规则是由一系列表达式组成的，中有一种表达式叫 `nft_immediate`（立即数表达式）。它的作用是：“如果匹配成功，就将某个值设置到`NFT_REG_VERGICT`中（一个用来存放verdict的值的寄存器）”。每条 rule 执

本文根据Python代码的特性尝试绕过WAF防护

2026阿里CTF MHGA题解：基于ViburDBCP与HessianProxy的JNDI注入高版本绕过研究

本文分析了SUCTF题目SU_jdbc-master的完整攻击链。利用Unicode字符ſ转大写为S的特性，绕过仅做小写匹配的Spring MVC鉴权拦截器；随后通过Jackson反序列化覆盖默认JDBC驱动为存在漏洞的Kingbase8，结合临时文件写入与文件描述符爆破，触发恶意Spring XML配置加载，最终实现命令执行回显。

本文对帆软FineReport的项目结构，路由映射和历史漏洞进行详细分析，旨在为想要审计帆软报表的读者提供详尽的入门指南。

A vulnerability was found in BlueKitchen BTstack up to 1.8.0. It has been declared as problematic. This vulnerability affects unknown code of the component AVRCP Browsing Target Handler. The manipulation of the argument attr_id results in out-of-bounds read. This vulnerability is reported as CVE-2026-28528. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in BlueKitchen BTstack up to 1.8.0. It has been classified as problematic. This affects the function GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT/GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT of the component AVRCP Controller. The manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2026-28527. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in BlueKitchen BTstack up to 1.8.0 and classified as problematic. Affected by this issue is the function LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES/LIST_PLAYER_APPLICATION_SETTING_VALUES of the component AVRCP Controller. Executing a manipulation of the argument Count can lead to out-of-bounds read. This vulnerability is registered as CVE-2026-28526. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

array和mqtt题目讲解

Apple introduced an extra layer of protection against ClickFix attacks, only for macOS Tahoe 26.4 and later

The post New macOS security feature will alert users about possible ClickFix attacks appeared first on Security Boulevard.

漏洞描述该漏洞本质上是由于JeecgBoot内置的WAF存在逻辑缺陷，导致针对特定接口的SQL注入防护被绕过。影响版本: JeecgBoot 版本 3.9.1/3.9.0需要任意用户权限漏洞分析来到SysDictController.java入口路由为 GET /sys/dict/getDictItems/{dictCode}控制器直接将 dictCode 传入sysDictService.get

Pre-Windows 2000 Computer类型机器账户的利用

kali mcp服务部署，利用claude调用mcp服务，实现自动化渗透

九垠赢系统代码审计

本文详细剖析了一个由配置失误（JWT 密钥硬编码）与后端沙箱设计缺陷导致RCE

ida-pro decompile InitializeListHead