Aggregator

Currently trending CVE - Hype Score: 13 - Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Currently trending CVE - Hype Score: 19 - Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command ...

Currently trending CVE - Hype Score: 41 - Unity Editor 2019.1 through 6000.3 could allow remote attackers to exploit file loading and Local File Inclusion (LFI) mechanisms via a crafted local application because of an Untrusted Search Path. This could permit unauthorized manipulation of runtime resources and third-party ...

Currently trending CVE - Hype Score: 1 - VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

Currently trending CVE - Hype Score: 1 - VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual ...

Currently trending CVE - Hype Score: 49 - The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.

Currently trending CVE - Hype Score: 21 - VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this ...

Currently trending CVE - Hype Score: 31 - Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a ...

Currently trending CVE - Hype Score: 15 - Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Currently trending CVE - Hype Score: 23 - Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Name: COMPFEST CTF 2025 (an COMPFEST CTF event.)
Date: Oct. 4, 2025, 2 a.m. — 05 Oct. 2025, 02:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://compfest.id/
Rating weight: 64.00
Event organizers: CSUI

项目地址 https://github.com/DERE-ad2001/Frida-Labs

万字长文：Linux 内核中/proc/self/maps 的实现与匿名空间释放机制探究

用友U8 Cloud NCCloudGatewayServlet接口任意文件上传漏洞分析

先知防再学攻。本篇文章针对OLLVM进行详细解析，旨在让读者在逆向过程中遇到此类情形不会迷茫。后续会针对此类问题提出相应的解决方案。

提取SSH通信会话密钥、利用会话密钥对SSH加密数据进行解密

本文介绍Yakit安装配置、MITM劫持、流量过滤、标记替换及爆破测试等核心功能，涵盖免证书抓包、HAE规则导入与热加载脚本实践。

前言微信公众号刷到了这个 cve，cvss 10 分，一个满分漏洞，去看了下其官方通告发现之前在学习 springboot 的利用时简单看了下和这个 cve 类似的一个洞， cve-2022-22947 ，当时是学了下咋打，没具体分析源码，这个满分漏洞其实就是对 2022 那个 cve 的一个，先分析下 2022 的洞，方便后续分析这个 cveCVE-2022-22947 SPEL RCE环境：h