Aggregator

这篇文章介绍了作者在Blaugust活动中发现的各类博客，涵盖个人成长、写作习惯、咖啡冲煮、书籍评分等多个主题。推荐的博客风格多样，包括清新设计、工作与生活平衡感悟、阅读体验分享等。

A vulnerability was found in CODESYS Runtime Toolkit, Control for BeagleBone SL, Control for emPC-A, iMX6 SL, Control for IOT2000 SL, Control for Linux ARM SL, Control for Linux SL, Control for PFC100 SL, Control for PFC200 SL, Control for PLCnext SL, Control for Raspberry Pi SL, Control for WAGO Touch Panels 600 SL and Virtual Control SL. It has been classified as critical. Affected is an unknown function. The manipulation leads to incorrect default permissions. This vulnerability is traded as CVE-2025-41658. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Grafana Infinity Datasource Plugin up to 3.4.0 and classified as critical. This issue affects some unknown processing of the component URL Restriction Handler. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2025-8341. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in CODESYS Control RTE, Control RTE SL, Control Win, HMI, Control for BeagleBone SL, Control for emPC-A, iMX6 SL, Control for IOT2000 SL, Control for Linux ARM SL, Control for Linux SL, Control for PFC100 SL, Control for PFC200 SL, Control for PLCnext SL, Control for Raspberry Pi SL, Control for WAGO Touch Panels 600 SL and Virtual Control SL and classified as problematic. This vulnerability affects unknown code of the component Communication Request Handler. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-41691. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Horizon3.ai通过NodeZero®重新定义了基于风险的漏洞管理（RBVM），聚焦于攻击者可利用的实际漏洞、真实威胁行为及业务影响。其六项新功能构建了一个闭环系统，从发现到修复再到验证，帮助企业有效降低真实风险。

A vulnerability, which was classified as problematic, was found in CODESYS Control RTE, Control RTE SL, Control Win, HMI, Runtime Toolkit, Control for BeagleBone SL, Control for emPC-A, iMX6 SL, Control for IOT2000 SL, Control for Linux ARM SL, Control for Linux SL, Control for PFC100 SL, Control for PFC200 SL, Control for PLCnext SL, Control for Raspberry Pi SL, Control for WAGO Touch Panels 600 SL and Virtual Control SL. This affects an unknown part of the component PKI Folder. The manipulation leads to incorrect permission assignment. This vulnerability is uniquely identified as CVE-2025-41659. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Технология от Microsoft защищает твои пароли… пока они подписаны как "пароль".

Scattered Spider网络犯罪组织活动升级，利用ransomware、社会工程学和身份盗窃攻击全球关键基础设施。其最新行动包括部署DragonForce勒索软件加密企业系统，并通过云服务窃取数据。该组织擅长社交工程和身份劫持，利用多种恶意软件和合法工具隐蔽行动，对商业和关键行业构成严重威胁。

勒索软件团伙利用微软SharePoint漏洞链攻击全球至少148个组织，发现新变种4L4MD4R并通过恶意加载器传播。攻击者试图禁用安全监控。微软和谷歌将其与中国威胁行为者相关联，并已修复相关漏洞。

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide. [...]

A vulnerability classified as critical was found in Bluetooth. Affected by this vulnerability is an unknown functionality of the component GATT Service. The manipulation leads to missing authentication. This vulnerability is known as CVE-2025-20700. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Bluetooth. Affected by this issue is some unknown functionality of the component BR/EDR. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-20701. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in Bluetooth. This affects an unknown part of the component Custom Protocol. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2025-20702. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical has been found in thiagoralves OpenPLC v3 up to 9cd8f1b53a50f9d38708096bfc72bcbb1ef47343. Affected is an unknown function of the file /edit-user. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-54962. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in MediaTek MT2718, MT6761, MT6765, MT6768, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6889, MT6893, MT6897, MT6989, MT6991, MT8186, MT8196, MT8391, MT8678, MT8775, MT8786, MT8788E, MT8792, MT8796, MT8873, MT8883 and MT8893. Affected by this vulnerability is an unknown functionality of the component Power HAL. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2025-20697. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8196, MT8391, MT8676, MT8678, MT8775, MT8786, MT8788E, MT8792, MT8796, MT8873, MT8883 and MT8893. Affected by this issue is some unknown functionality of the component Power HAL. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-20698. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Fujifilm DocuPrint CP225 w, DocuPrint CP228 w, DocuPrint CP115 w, DocuPrint CP118 w, DocuPrint CP116 w, DocuPrint CP119 w, DocuPrint CM225 fw, DocuPrint CM228 fw, DocuPrint CM115 w, DocuPrint CM118 w, Apoes 2150 N, Apoes 2350 NDA, Apoes 2150 ND and Apoes 2150 NDA and classified as critical. This vulnerability affects unknown code of the component Internet Printing Protocol/Line Printer Daemon. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2025-48499. The attack can be initiated remotely. There is no exploit available.

加解密插件介绍使用

本文主要介绍Tomcat相关文件的利用，当遇到文件读取与路径映射错误相关漏洞时，可以从Tomcat配置文件和日志文件入手一步步对该漏洞进行深入利用。