Aggregator

主要还是放在逆向上

文章首发于看雪论坛 [原创]trx ctf 2026 house of fishing 参考文献TRX CTF 2026 house-of-fishing Writeup · rawpayload前言看了一下 trxctf 2026 的堆题，这题看上去很简单，只需要一个任意地址写将 *admin 修改成目标的地址即可触发后门函数，从而getshell，但是程序没有 show() 功能，因此无法通过

主要是围绕RSA的coppersmith、动态题目、RSA变种展开

キヤノンマーケティングジャパン株式会社が提供するGUARDIANWALL MailSuiteには、スタックベースのバッファオーバーフローの脆弱性が存在します。

Versa has announced Versa Cloud Security Posture Management (CSPM), extending the VersaONE Universal SASE Platform to provide continuous visibility, prioritization, and remediation of cloud risk across environments. With CSPM, Versa combines secure access protection and cloud posture risk on a single platform, delivering the visibility security teams need to quantify and reduce enterprise cyber exposure. For years, security has evolved in silos. Access is protected, but cloud misconfiguration risk remains fragmented and hard to see. … More →

The post Versa CSPM brings continuous visibility to cloud risk and compliance exposure appeared first on Help Net Security.

A vulnerability was found in SillyTavern 1.13.4/1.16.0/1.17.0 and classified as critical. Impacted is an unknown function. Such manipulation leads to path traversal. This vulnerability is referenced as CVE-2026-44650. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in klever-go and classified as problematic. This issue affects some unknown processing of the component MultiDataInterceptor. This manipulation causes highly compressed data. The identification of this vulnerability is CVE-2026-44697. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Samsung System Support Service. This vulnerability affects unknown code. The manipulation results in improper privilege management. This vulnerability was named CVE-2026-21024. The attack needs to be approached locally. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Samsung Devices. This affects an unknown part of the component Routines. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is uniquely identified as CVE-2026-21022. Local access is required to approach this attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Samsung Devices. Affected by this issue is some unknown functionality of the component Routines. Executing a manipulation can lead to improper input validation. This vulnerability is handled as CVE-2026-21021. The physical device can be targeted for the attack. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Samsung Devices. Affected by this vulnerability is an unknown functionality of the component OmaCP. Performing a manipulation results in improper export of android application components. This vulnerability is known as CVE-2026-21020. Attacking locally is a requirement. No exploit is available.

Microsoft pushed out a significant cumulative update for Windows 11 on May 12, 2026, covering both version 25H2 and version 24H2. The update, identified as KB5089549, brings OS Builds 26200.8457 and 26100.8457 to users running these versions. It bundles the latest security fixes alongside quality improvements carried over from April’s optional preview release, making it […]

The post Microsoft Releases Cumulative Update for Windows 11, Version 25H2 and 24H2 appeared first on Cyber Security News.

A vulnerability described as critical has been identified in Samsung Galaxy Watch. Affected is an unknown function of the component FacAtFunction. Such manipulation leads to improper input validation. This vulnerability is traded as CVE-2026-21019. An attack has to be approached locally. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Samsung Devices. This impacts an unknown function of the component SveService. This manipulation causes out-of-bounds write. This vulnerability appears as CVE-2026-21018. The attack requires local access. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Samsung Devices. This affects an unknown function of the component LocationManager. The manipulation results in incorrect privilege assignment. This vulnerability is reported as CVE-2026-21016. The attack requires a local approach. No exploit exists. The affected component should be upgraded.

Крупнейшее на Урале событие для ИТ- и ИБ-сообщества: дискуссии, ИИ, киберугрозы и воркшопы.

从周二开始，父母可以获取关于他们的孩子在 Instagram 上做什么的更多细节。Meta公司正在向其青少年账户添加一项功能，向父母展示他们的孩子所参与的一般主题，例如 “篮球” 或“时尚”。Meta

A vulnerability identified as critical has been detected in Samsung Devices. The impacted element is an unknown function of the component FactoryCamera. The manipulation leads to incorrect default permissions. This vulnerability is documented as CVE-2026-21015. The attack needs to be performed locally. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Bytello Share. The affected element is an unknown function of the component Installer. Executing a manipulation can lead to uncontrolled search path. This vulnerability is registered as CVE-2026-44612. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.