Aggregator

CVE-2020-20703 | vim 8.1.2135 operand buffer overflow (Issue 5041)

4 months ago

A vulnerability was found in vim 8.1.2135. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument operand leads to buffer overflow. This vulnerability is known as CVE-2020-20703. The attack can be launched remotely. There is no exploit available.

vuldb.com

CVE-2023-33495 | Craft CMS up to 4.4.9 cross site scripting

Vuldb Updates

4 months ago

A vulnerability, which was classified as problematic, has been found in Craft CMS up to 4.4.9. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2023-33495. The attack may be initiated remotely. There is no exploit available.

vuldb.com

每周蓝军技术推送（2025.4.19-4.25）

M01NTeam

4 months ago

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

每周蓝军技术推送（2025.4.19-4.25）

M01NTeam

4 months ago

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

NVIDIA NeMo 框架三大高危漏洞致远程攻击与数据篡改风险剧增

安全客

4 months ago

安全客

TA558, Aggah и Blind Eagle: совпадение, копипаста или синдикат?

Securitylab.ru

4 months ago

Как Crypters And Tools спутал карты аналитикам.

SpartanCTF 2025

CTF Time

4 months ago

Name: SpartanCTF 2025 (an SpartanCTF event.)
Date: March 28, 2025, 9 p.m. — 30 March 2025, 21:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://spartan.ctfd.io/
Rating weight: 0.00
Event organizers: Zero Day Club

HackPack CTF 2025

CTF Time

4 months ago

Name: HackPack CTF 2025 (an HackPack CTF event.)
Date: April 18, 2025, 4 p.m. — 19 April 2025, 15:59 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://hackpack.club/ctf2025/
Rating weight: 0.00
Event organizers: hackpack

THJCC CTF 2025

CTF Time

4 months ago

Name: THJCC CTF 2025 (an THJCC CTF event.)
Date: April 19, 2025, midnight — 20 April 2025, 12:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.scint.org/
Rating weight: 25.00
Event organizers: CakeisTheFake

WSUCTF25

CTF Time

4 months ago

Name: WSUCTF25 (an WSUCTF event.)
Date: April 19, 2025, 1 p.m. — 19 April 2025, 20:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://waynestateuniversity-ctf.ctfd.io/
Rating weight: 0.00
Event organizers: WayneStateCyber

限时¥399！Android逆向内核攻防实战进阶

看雪学院

4 months ago

核心聚焦于助力学员轻松掌握从内核态隐藏 frida 的技术，且全程无需重新编译内核。

本周热岗！欢迎投递简历

看雪学院

4 months ago

文末投递简历

突发！微软 Defender XDR 误报，上千份敏感文档泄露

看雪学院

4 months ago

微软 Defender XDR 误报致 1700 余份机密文件泄露，ANY.RUN 紧急应对仍难完全止损

基于静态分析的路由器固件二进制漏洞挖掘经验分享

看雪学院

4 months ago

看雪论坛作者ID：xubeining

Linux “io_uring” 安全盲点可导致隐秘的 rootkit 攻击

代码卫士

4 months ago

可导致 rootkit 以无法检测的方式在系统上运营，同时绕过高阶的企业安全软件。

2025年Q1 遭利用漏洞达159个，开源软件类排名第四

代码卫士

4 months ago

在这159个漏洞中，25.8%的漏洞正在等待或正在由美国 NIST NVD分析，而3.1%的漏洞已被分配新的“延期”状态标记。

警惕！新型隐写术攻击活动利用 Microsoft Office 漏洞传播 AsyncRAT

安全客

4 months ago

安全客

韩监管机构称 DeepSeek 未经许可将用户信息传输到境外

Solidot

4 months ago

韩国个人信息保护委员会 24 日发布的调查结果显示，目前暂停在韩下载服务的中国 AI 模型DeepSeek（深度求索）曾将韩国用户信息和输入内容擅自转移至中美等地。从 1 月 15 日到 2 月 15 日，DeepSeek 将用户的设备、网络、APP 信息等个人信息擅自转移至字节跳动旗下云服务平台火山引擎等 3 家在华企业和 1 家在美企业。DeepSeek 未事先就此获得用户同意，也未在个人信息处理方针中明示相关内容。除用户个人信息之外，DeepSeek 还将用户在输入框内输入的内容擅自转移给火山引擎。委员会指出，DeepSeek 没有将输入内容转移的必要，且未事前提供“opt-out”选项，建议其立即删除向火山引擎转移的输入内容相关数据。委员会未公布 DeepSeek 重启在韩服务的具体时间。考虑到 DeepSeek 已对大部分问题采取改善措施，预计其不日将重启在韩下载服务。

Новый Gmail-инвайт: как одним кликом лишиться учётки

Securitylab.ru

4 months ago

Gmail пообещал шифр, а открыл фишерам портал в чужие ящики.

CVE-2020-21366 | GreenCMS 2.3 index.php adduser cross-site request forgery (Issue 115)

Vuldb Updates

4 months ago

A vulnerability was found in GreenCMS 2.3. It has been rated as problematic. Affected by this issue is the function adduser of the file index.php. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2020-21366. The attack may be launched remotely. There is no exploit available.

vuldb.com

Aggregator

Managed ad