Aggregator

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内，并且直接写描述，不需要特定的开头。首先，我得通读整篇文章，抓住主要信息。 文章讲的是Intigriti的一个CTF挑战，主题是通过XSS漏洞来获取flag。看起来他们利用了DOM污秽和CSP绕过。首先，他们分析了应用的安全策略，比如CSP和DOMPurify的使用。然后发现了ComponentManager这个组件管理器，可以动态加载脚本。接着找到了一个JSONP端点，并结合DOM污秽来控制authConfig，最终导致cookie泄露。 所以总结下来，关键点是XSS漏洞、DOM污秽、CSP绕过、组件管理器和JSONP端点。这些结合起来让攻击者能够获取flag。 现在要把这些信息浓缩到100字以内，确保涵盖所有关键步骤：XSS链、DOM污秽、CSP绕过、组件管理器加载脚本、JSONP端点以及最终的cookie窃取。 文章描述了一个CTF挑战中通过XSS漏洞获取flag的过程。利用DOM污秽和CSP绕过技术，攻击者构造了一个HTMLpayload注入到页面中。该payload通过ComponentManager动态加载一个包含JSONP回调的脚本，并结合window.authConfig的clobbering技术窃取了admin的cookie，最终获取了flag。

A vulnerability classified as critical has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter Handler. The manipulation of the argument course_code leads to sql injection. This vulnerability is traded as CVE-2026-4783. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A Federal Register notice seeks public comment on how cyber is covered within a 2002 law and program.

The post Treasury asks whether terrorism risk insurance program should bolster cyber coverage appeared first on CyberScoop.

A vulnerability described as critical has been identified in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to sql injection. This vulnerability appears as CVE-2026-4781. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability marked as critical has been reported in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in sql injection. This vulnerability is reported as CVE-2026-4780. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. This vulnerability is documented as CVE-2026-4779. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. This vulnerability is registered as CVE-2026-4778. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as critical has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. This vulnerability is cataloged as CVE-2026-4777. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #775811 / VDB-352801

A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory

Submit #775786 / VDB-352800

Submit #775174 / VDB-352799

​Microsoft has fixed a known issue causing Gmail and Yahoo email synchronization and connection problems for classic Outlook users. [...]

Submit #775173 / VDB-352798

Submit #775172 / VDB-352797

Submit #775171 / VDB-352796

Submit #775169 / VDB-352795

A vulnerability was found in Free5GC up to 4.2.0. It has been rated as problematic. Affected by this issue is the function HandleAuthenticationFailure of the component AMF. The manipulation leads to denial of service. This vulnerability is listed as CVE-2026-30653. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in go-vikunja vikunja up to 2.1.x. It has been declared as critical. Affected by this vulnerability is the function ResetPassword of the file /api/v1/user/password/token of the component Password Reset Handler. Executing a manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2026-33316. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in go-vikunja vikunja up to 2.1.x. It has been classified as critical. Affected is an unknown function of the component Caldav Endpoint. Performing a manipulation results in authentication bypass using alternate channel. This vulnerability is identified as CVE-2026-33315. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.