Aggregator

A vulnerability was found in Yandex Navigator 6.60 on Android. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component SharedPreference File Handler. This manipulation causes denial of service. This vulnerability is tracked as CVE-2023-29751. The attack is restricted to local execution. No exploit exists.

A vulnerability identified as critical has been detected in Yandex Navigator 6.60 on Android. Affected by this issue is some unknown functionality of the component SharedPreference File Handler. Performing manipulation results in improper authorization. This vulnerability is reported as CVE-2023-29749. The attack requires a local approach. No exploit exists.

源码层面详解Node.js反序列化漏洞原理与利用

1、前言最不想看的一个产品就是GeoServer，这次就做初步的分析吧，它还是比较好理解的。GeoServer是一款开源的地理数据服务器，用于共享、编辑和发布地理空间数据，支持多种标准地图服务协议。（阿里云的图没找到，将就一下）版本信息如下：2、整体架构标准的采用模块化研发我们长话短说，根据漏洞的描述和修复的点来说一下它的部分架构，它是如何解析我们的url的，怎么获取，又怎么分发下去的，又是如何触

A vulnerability was found in Ugreen DH2100+ up to 5.3.0 and classified as critical. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. This vulnerability is referenced as CVE-2025-14693. The attack can be executed directly on the physical device. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

大家好啊，这里是说的CTF

Департамент транспорта рекламирует сайты для взрослых. А что такого?

近期有不少师傅在咨询我，问我说：常规的漏洞原理和利用都捻熟于心，但是为什么在SRC挖掘和攻防中，往往就是挖不到漏洞呢？我给了两点回复：第一个就是实战的经验比较少，对于漏洞在哪出现，有什么手法还掌握的不多；第二个是信息搜集没有得到要领，只会僵硬的进行信息搜集，对于边缘资产和隐形资产的发掘没有经验。

Submit #705035 / VDB-311659

Submit #704657 / VDB-336411

Submit #704646 / VDB-336411

A vulnerability has been found in Mayan EDMS up to 4.10.1 and classified as problematic. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. The identification of this vulnerability is CVE-2025-14692. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The affected component should be upgraded. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

A vulnerability, which was classified as problematic, was found in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. This vulnerability was named CVE-2025-14691. The attack may be performed from remote. In addition, an exploit is available. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

Submit #704246 / VDB-222361

已知 N = P*Q^r，若存在一个足够大的整数 e，被告知 e | φ(N)，可以多项式时间分解 N

深入研究压缩文件 CRC32 碰撞解密的原理

Submit #711729 / VDB-336410

Submit #711713 / VDB-336409

记录下thl靶场的靶机渗透，共20个靶机的详细渗透过程，里面对各种渗透提权payload进行了详细的解释刨析，希望能对刚入门渗透的热爱安全的师傅带来帮助

A vulnerability was found in itsourcecode Student Management System 1.0. It has been rated as critical. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2025-14653. Remote exploitation of the attack is possible. Furthermore, an exploit is available.