N1CTF Reverse题目全解
N1CTF Reverse题目全解
Aggregator
CVE-2026-22219:Chainlit AI框架SSRF漏洞后端代码层面深度解析
1 day 10 hours ago
漏洞简介Chainlit是一个开源AI框架,2.9.4 之前的 Chainlit 版本在使用 SQLAlchemy 数据层后端配置时,/project/element 更新流程中存在服务器端请求伪造(SSRF)漏洞。认证客户端可以在元素中提供用户控制的 URL 值,该值由 SQLAlchemy 元素创建逻辑通过出站 HTTP GET 请求获取。这使得攻击者可以从Chainlit服务器向内部网络服务
CVE-2025-62726:n8n Git 节点裸仓库 RCE 漏洞分析
1 day 10 hours ago
准备梳理n8n 的漏洞时间轴,该漏洞作为n8n的第一个漏洞,是分析系列的第一篇文章
SpeculativeDecoding与MoE架构中的侧信道隐私风险分析
1 day 10 hours ago
分析SpeculativeDecoding和MoE推理加速机制如何将输入相关控制流外显为可观测元数据,导致提示词指纹识别、语义推断与路由泄露等新型侧信道攻击。
基于Context上下文驱动的Android 恶意软件检测实现
1 day 10 hours ago
大型语言模型(LLMs)凭借其出色的零样本推理能力和强大的语义理解能力,为恶意软件检测领域带来了新的希望。然而,将 LLMs 直接应用于 Android 恶意软件检测时,却面临着两大核心挑战:一是 Android 应用中海量的支持代码远超 LLMs 的上下文窗口限制,使得恶意行为在良性功能中难以被识别;二是 Android 应用复杂的程序结构和组件间依赖关系,超出了 LLMs 基于序列的推理能力,
Langflow SSRF 服务器端请求伪造漏洞(CVE-2025-68477)
1 day 10 hours ago
Langflow SSRF 服务器端请求伪造漏洞(CVE-2025-68477)
【热点研判】泰国2026大选民粹与民族主义交织/古巴陷能源金融双困境/伊朗美欧对峙缓中有紧/巴基斯坦连环恐袭震荡南亚
1 day 10 hours ago
【热点研判】泰国2026大选民粹与民族主义交织,政坛再洗牌或影响中泰关系走向(资料编码260204531,1
平均年薪超12万美元,2025年美国情报界人才培养与薪酬体系揭秘
1 day 10 hours ago
2025年的美国情报界正在发生一场静悄悄的变革。为了应对日益激烈的人才竞争和瞬息万变的技术环境,CIA、NSA等情报机构正从培养机制到薪酬体系进行全面升级。
CVE-2026-24447 | Six Apart Movable Type 8.4 csv injection
1 day 10 hours ago
A vulnerability was found in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium 8.4. It has been rated as critical. This affects an unknown function. Performing a manipulation results in csv injection. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability was named CVE-2026-24447. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-22875 | Six Apart Movable Type 8.4 Export Sites cross site scripting
1 day 10 hours ago
A vulnerability was found in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium 8.4. It has been declared as problematic. The impacted element is an unknown function of the component Export Sites. Such manipulation leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is uniquely identified as CVE-2026-22875. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2026-21393 | Six Apart Movable Type 8.4 Edit Comment cross site scripting
1 day 10 hours ago
A vulnerability was found in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium 8.4. It has been classified as problematic. The affected element is an unknown function of the component Edit Comment Handler. This manipulation causes cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is handled as CVE-2026-21393. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-23704 | Six Apart Movable Type 8.4 unrestricted upload
1 day 10 hours ago
A vulnerability was found in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium 8.4 and classified as critical. Impacted is an unknown function. The manipulation results in unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is known as CVE-2026-23704. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
Detectify Internal Scanning finds and fixes vulnerabilities behind the firewall
1 day 10 hours ago
Detectify has launched Internal Scanning, a solution that eliminates the visibility gap between external perimeters and internal environments, allowing security teams to discover and remediate vulnerabilities behind the firewall with the same speed and precision they apply to external assets. Organizations have been considering the internal network as a safe room. Detectify challenges this dangerous courtesy: compromised endpoints and lateral movement have turned internal-facing apps (like staging environments and admin panels) into prime targets. Internal … More →
The post Detectify Internal Scanning finds and fixes vulnerabilities behind the firewall appeared first on Help Net Security.
Industry News
【已复现】大蚂蚁 (BigAnt) 即时通讯系统任意文件上传漏洞
1 day 10 hours ago
检测业务是否受到此漏洞影响,请联系长亭应急服务团队!
AI is Supercharging Work…and Your Attack Surface
1 day 11 hours ago
AI boosts productivity, but weak data governance and shadow AI are expanding the enterprise attack surface.
The post AI is Supercharging Work…and Your Attack Surface appeared first on Security Boulevard.
Benjamin Henry
制造业勒索软件威胁持续升级:2026 年趋势与洞察
1 day 11 hours ago
进入 2026 年,勒索软件仍然是制造业面临的最严峻网络安全威胁之一。
Больше рекламы богу рекламы. Как AdBoost превращает ваш браузер в пародийный кошмар
1 day 11 hours ago
Проект AdBoost на GitHub пытается высмеять современный интернет.
Stay Ahead of Ransomware - The AI Arms Race: When Both Sides Have Copilots
1 day 11 hours ago
SANS Digital Forensics and Incident Response
沃尔玛市值突破万亿美元
1 day 11 hours ago
美国零售业巨头沃尔玛市值周二突破 1 万亿美元,跻身科技巨头主导的“万亿美元市值俱乐部”。万亿美元市值俱乐部以英伟达 4.4 万亿美元居首,之后是苹果、微软、亚马逊、Alphabet 和博通,非科技公司包括了 Berkshire Hathaway 和沙特阿美。沃尔玛股价今年以来持续上涨,涨幅超过了标普 500 指数。沃尔玛成立于 1962 年,在全球有近 1.1 万家门店。
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
1 day 11 hours ago
Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale.
The tech giant's Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since
The Hacker News