从漏洞聚集现象到o2oa的20个0day漏洞挖掘
从漏洞聚集现象到o2oa的20个0day漏洞挖掘
Aggregator
挑战 | 一起来审计一个认证部分的代码漏洞
3 weeks 6 days ago
系统检测到环境异常,请完成验证后继续访问。
挑战 | 一起来审计一个认证部分的代码漏洞
3 weeks 6 days ago
pyLDAPGui - How It was Born
3 weeks 6 days ago
pyLDAPGui是一款基于Python的跨平台LDAP浏览器工具,支持连接LDAP/LDAPS服务器并以树形视图展示目录结构。它能够导出数据为CSV或JSON格式,并内置了运营安全机制以减少检测风险。该工具旨在替代受限于Windows环境的AD Explorer,并提供更灵活的功能。
深度解析pytorch rpc模块rce
3 weeks 6 days ago
笔者最近在了解ai相关的内容。pytorch作为深度学习领域极具影响力的框架,自然是避不开的。上网搜索pytorch相关的漏洞,网上大部分都是对于rpc框架反序列化漏洞和命令注入漏洞的公告。这两个漏洞评分都在9分网上,公开了一段时间了,但是poc寥寥无几,网上也没有对此的分析,而且其中一个漏洞的cve编号被撤销了,这引发了笔者的好奇心,遂开始以下分析探索。
VSRC 邀您共度中秋佳节!
3 weeks 6 days ago
派早报:iPhone Air 国行延期,三大运营商均将支持
3 weeks 6 days ago
iPhone Air国行延期发售,三大运营商将提供eSIM支持;工信部有条件批准L3级智能网联汽车生产准入;商务部对美芯片产业发起反歧视和反倾销调查;SpaceX斥资170亿美元收购EchoStar频谱资源布局移动通讯业务;网信办拟要求大型平台设立个人信息保护监督委员会;微软提高Visual Studio 2026建议配置以推动开发者争取高配设备。
CVE-2025-10256 | FFmpeg Firequalizer filter af_firequalizer.c config_input null pointer dereference (Nessus ID 264693)
3 weeks 6 days ago
A vulnerability was found in FFmpeg. It has been rated as problematic. This affects the function config_input of the file libavfilter/af_firequalizer.c of the component Firequalizer filter. This manipulation causes null pointer dereference.
This vulnerability is tracked as CVE-2025-10256. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-39740 | Linux Kernel up to 6.16.1/6.17-rc1 drm put use after free (Nessus ID 264692 / WID-SEC-2025-2040)
3 weeks 6 days ago
A vulnerability classified as critical was found in Linux Kernel up to 6.16.1/6.17-rc1. Affected is the function put of the component drm. The manipulation results in use after free.
This vulnerability is reported as CVE-2025-39740. The attacker must have access to the local network to execute the attack. No exploit exists.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-39758 | Linux Kernel up to 6.6.102/6.12.42/6.15.10/6.16.1 do_tcp_sendpages allocation of resources (Nessus ID 264695 / WID-SEC-2025-2040)
3 weeks 6 days ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.102/6.12.42/6.15.10/6.16.1. This affects the function do_tcp_sendpages. This manipulation causes allocation of resources.
This vulnerability is tracked as CVE-2025-39758. The attack is only possible within the local network. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-39741 | Linux Kernel up to 6.16.1/6.17-rc1 assertion (Nessus ID 264694 / WID-SEC-2025-2040)
3 weeks 6 days ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.16.1/6.17-rc1. Affected by this vulnerability is an unknown functionality. This manipulation causes reachable assertion.
This vulnerability appears as CVE-2025-39741. The attacker needs to be present on the local network. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com
Everest
3 weeks 6 days ago
You must login to view this content
cohenido
如何构建API安全一体化防护体系
3 weeks 6 days ago
当前环境出现异常,需完成验证后方可继续访问。
如何构建API安全一体化防护体系
3 weeks 6 days ago
摘要:在数字化时代,API(应用程序编程接口)已成为企业应用间数据交互和业务整合的核心枢纽。
Everest
3 weeks 6 days ago
You must login to view this content
cohenido
Everest
3 weeks 6 days ago
You must login to view this content
cohenido
Everest
3 weeks 6 days ago
You must login to view this content
cohenido
Nuclei进阶指南:安全研究者的扫描与模板技巧
3 weeks 6 days ago
Nuclei 是一款轻量级、模板驱动的漏洞扫描利器,它能让安全研究者在几秒钟内对大量资产进行高效扫描。本篇文章将带你从 Nuclei 的基础安装、模板使用,到自定义模板编写和高级实战技巧全流程掌握。你将学会如何快速发现 Web 漏洞、构建自动化扫描链路,并结合实战案例提升渗透测试效率。无论你是初学者还是经验丰富的安全工程师,这篇文章都能让你真正玩转 Nuclei,让漏洞无处可藏——安全扫描从此不再
.NET 内网攻防实战电子报刊
3 weeks 6 days ago
当前环境出现异常,需完成验证后方可继续访问。
从 CVE-2024-43485 审计 .NET 隐式依赖的安全漏洞
3 weeks 6 days ago
当前环境异常,需完成验证后方可继续访问。