Aggregator

今日暂未更新资讯~
更多最新文章，请访问SecWiki

记一次漏洞挖掘，借鉴的是D-Link DIR 615645815 service.cgi远程命令执行漏洞的思路，定位system危险函数，然后去看看能否控制参数等。

学点高级玩意儿

针对25年较新的一套SpringBoot+Vue在线教育(在线学习)系统进行代码审计

A vulnerability labeled as critical has been found in Craft CMS up to 4.17.4/5.9.10. This affects the function replaceFile. Such manipulation of the argument targetFilename leads to path traversal. This vulnerability is documented as CVE-2026-32262. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in Chamilo LMS up to 1.11.35. This impacts an unknown function. Performing a manipulation of the argument keyword results in cross site scripting. This vulnerability is reported as CVE-2026-30882. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as problematic has been found in Mattermost up to 11.2.2/11.3.0. Affected by this vulnerability is an unknown functionality of the component Playbook Run API. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2026-26304. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 10.11.10/11.3.x. Affected by this issue is some unknown functionality of the component Private Channel Handler. The manipulation results in operation on a resource after expiration. This vulnerability is known as CVE-2026-1629. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in Mattermost up to 10.11.10/11.3.x. This affects an unknown part of the component API Endpoint. This manipulation causes incorrect authorization. This vulnerability is handled as CVE-2026-26230. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Forgejo up to 13.0.3. It has been classified as problematic. The affected element is an unknown function of the component File Attachment Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2025-68971. Remote exploitation of the attack is possible. No exploit is available.

针对厂区接入云端高敏AI模型的迫切需求，本文提出采用IPsec VPN实现低成本、高安全的云地互联方案。文章简述IPsec工作原理，并提供可参考的实战架构拓扑、加密策略、访问控制的安全实战落地指南。

GhostClaw macOS 窃密恶意软件的最新攻击动向。 该恶意活动原本以恶意 npm 包为主要传播载体，而最新监测发现，攻击者已将攻击范围大幅拓展，通过仿冒合法项目的 GitHub 仓库、劫持 AI 辅助开发工作流两大新路径实施规模化供应链攻击，可绕过传统安全防护，窃取目标设备的系统凭证与敏感数据，影响范围从专业开发者群体扩大至普通 macOS 用户与自动化开发流程。 该攻击已跳出早期 npm 包单一投递模式，新增两大主流感染途径： 一是恶意 GitHub 仓库，仿冒交易机器人、开发 SDK 等合法工具，采用 “先上传良性代码养号、后植入恶意组件” 的分阶段部署手法，部分仓库积累超 380 个星标强化伪装可信度，通过 README 诱导用户执行 curl 拉取的远程 shell 命令，绕过包管理器安全防护； 二是 AI 辅助开发工作流定向攻击，通过 SKILL.md 文件伪装 OpenClaw 等框架的技能插件，利用 AI 编码智能体自动执行安装脚本，实现无人工干预的静默感染。 全流程采用无需管理员权限的轻量化多阶段载荷设计： ①初始引导阶段，install.sh 脚本伪装 Node.js 环境部署，通过 curl -k 参数禁用 TLS 证书校验，通过 GHOST_PASSWORD_ONLY 环境变量切换交互式安装 / 静默窃取双模式，衔接后续恶意载荷； ②核心窃密阶段，高度混淆的 setup.js 载荷伪造系统安装进度与 macOS 原生认证弹窗，调用系统原生 dscl 命令校验并窃取用户密码，诱导开启全磁盘访问权限，对接 C2 域名 trackpipe.dev 拉取加密的 GhostLoader 二级载荷，以分离进程执行后删除临时文件，通过伪装 npm 系统路径实现持久化； ③反取证阶段，postinstall.js 清空终端攻击痕迹，伪装合法 npm 包安装制造溯源混淆，或输出虚假成功提示迷惑用户。 所有恶意变种复用单一 C2 域名 trackpipe[.]dev，通过 UUID 区分不同攻击渠道，以 NODE_CHANNEL 环境变量标记攻击迭代版本，核心目标为 macOS 平台的开发者与 AI 开发场景，最终实现系统凭证窃取与设备持久化控制。 具体报告信息： https://www.jamf.com/blog/ghostclaw-ghostloader-malware-github-repositories-ai-workflows/

A vulnerability categorized as problematic has been discovered in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login_page can lead to cross site scripting. This vulnerability is registered as CVE-2026-4544. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Wavlink WL-WN578W2 221110. It has been rated as critical. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. This vulnerability is cataloged as CVE-2026-4543. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #774714 / VDB-350368

Submit #774711 / VDB-336194

Submit #774696 / VDB-352361

Submit #774693 / VDB-352361

Submit #774692 / VDB-352361