Aggregator

A vulnerability was found in Xiaomi Galaxy FDS Android SDK up to 3.0.8. It has been classified as critical. This vulnerability affects the function GalaxyFDSClientImpl.createHttpClient. Performing a manipulation results in certificate with host mismatch. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is reported as CVE-2026-26214. The attack is possible to be carried out remotely. No exploit exists.

New research reveals a 1-trillion-attribute threat landscape driven by machine speed and scale, and high-density credential consolidation. LOS ALTOS, CA — February 12, 2026 — Constella, the leader in Identity Risk Intelligence, today announced the release of its flagship 2026 Identity Breach Report. The report details a fundamental shift in the cyber threat landscape, moving from the …

The post Constella Intelligence Unveils 2026 Identity Breach Report: The Industrialization of Identity appeared first on Security Boulevard.

dyld（dynamic linker 动态链接器）是苹果操作系统（iOS、iPadOS、macOS、watc

A vulnerability was found in NTN Smart Panel and classified as critical. This affects an unknown part. Such manipulation leads to unrestricted upload. This vulnerability is documented as CVE-2025-14014. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in AMD Instinct MI210 and Instinct MI250 and classified as critical. Affected by this issue is some unknown functionality of the component PMFW. This manipulation causes unintended intermediary. This vulnerability is registered as CVE-2023-31313. The attack needs to be launched locally. No exploit is available. The affected component should be upgraded.

A critical flaw in the WPvivid Backup & Migration WordPress plugin can let an unauthenticated attacker upload files and run code on the server, a path that often ends in full site takeover. The issue is tracked as CVE-2026-1357, scored 9.8 (Critical), and affects plugin versions up to and including 0.9.123, with a fix available […]

The post WordPress Backup Plugin Vulnerability Exposes 800,000 Sites to Remote Code Execution Attacks appeared first on Cyber Security News.

re的进阶的知识，补充常见的理论以及新出现的wasm类型

2026年新春杯Misc方向所有题目的正反手解析

根据源码了解pwn的常见的框架的编写

第四届阿里CTF官方writeup

从0到1分析了该漏洞的核心原理，并纠正部分误区

漏洞描述N8N 是一个开源的工作流程自动化平台。在1.123.17和2.5.2版本之前，拥有创建或修改工作流权限的认证用户可以滥用工作流参数中的精心设计表达式，在运行n8n的主机上触发非预期的系统命令执行。这个问题已在1.123.17和2.5.2版本中得到修补漏洞影响评分：9.4版本：< 1.123.17； 2.x系列版本 < 2.5.2漏洞分析恶意请求构造后端触发链创建我们的恶意工作

本文介绍了Python中利用Unicode“斜体字符”（如数学字母符号）绕过安全检测的原理：这些字符虽视觉相似但编码不同，而Python在解析标识符时会隐式进行NFKC/NFKD规范化，将其等效为普通ASCII字符。若WAF未做相同处理，攻击者可用变体字符构造恶意代码（如prinᵗ(1)）实现绕过。该方法适用于函数名、变量名和字符串内容，但不适用于关键字，且在不同环境（如Web框架、JSON解析）

漏洞简介n8n 在其工作流表达式评估系统中存在一个关键的远程代码执行（RCE）漏洞。经过认证的用户在工作流配置过程中提供的表达式，可以在与底层运行时隔离不足的执行上下文中进行评估。 经过认证的攻击者可能会滥用这种行为，以n8n进程的权限执行任意代码。成功的利用可能导致受影响实例的全面入侵，包括未经授权访问敏感数据、修改工作流程以及系统级作的执行。漏洞影响评分：9.9版本：<1.123.17,

A vulnerability labeled as problematic has been found in Orbisius Random Name Generator Plugin up to 1.0.2 on WordPress. The impacted element is an unknown function of the component Shortcode Handler. Executing a manipulation of the argument btn_label can lead to cross site scripting. This vulnerability appears as CVE-2026-1893. The attack may be performed from remote. There is no available exploit.

A vulnerability categorized as problematic has been discovered in Pix Para Woocommerce Plugin up to 2.13.3 on WordPress. Affected by this vulnerability is an unknown functionality of the component Payment Gateway Configuration Handler. The manipulation results in missing authorization. This vulnerability is cataloged as CVE-2025-15400. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as problematic has been detected in Roundcube Webmail up to 1.5.12/1.6.12. Affected by this issue is some unknown functionality of the component Cascading Style Sheet Handler. This manipulation causes inclusion of functionality from untrusted control sphere. This vulnerability is registered as CVE-2026-26079. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Beaver Builder Page Builder Plugin up to 2.10.0.5 on WordPress. It has been rated as problematic. Affected by this vulnerability is the function save_global_settings. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-1231. The attack can be initiated remotely. There is not any exploit available.

Oekraïne heeft dringend behoefte aan extra slagkracht. Nederland, het Verenigd Koninkrijk, Noorwegen en Zweden schieten daarom te hulp met een nieuwe levering van Amerikaanse wapens, materieel en munitie. Het gaat om militaire steun via het Prioritised Ukraine Requirements List (PURL) initiatief. Ook levert Nederland F-16-simulatoren.