Aggregator

Cursor is a popular AI code editor. In this post I want to share how I found an interesting data exfiltration issue, the demo exploits built and how it got fixed.

When using Cursor I noticed that it can render Mermaid diagrams.

Cursor Renders Mermaid Diagrams

If you are not familiar with Mermaid, it has a simple syntax:

graph TD User --> Computer

This will create a diagram as follows:

NIS 2指令通过整合网络安全与数据保护要求，推动企业从分散合规转向整体治理策略。结合GDPR、AI Act和Cyber Resilience Act等法规，企业需优化资源管理、提升风险评估能力，并构建统一框架以应对多法规挑战。

Threat hunters saw North Korean operatives almost daily, reflecting a 220% year-over-year increase in activity, CrowdStrike said in a new report.

The post CrowdStrike investigated 320 North Korean IT worker cases in the past year appeared first on CyberScoop.

当前环境异常，需完成验证后方可继续访问。

为减少噪音,社区关闭自我发帖,改为每周统一问题线程,并建议特定工具或目标相关问题转至StackExchange或r/AskReverseEngineering.

文章探讨了专业美术背景者在幼儿美育启蒙中的挑战与反思。指出专业美术注重技法与结果，而启蒙更关注孩子的想象力、表达与情感体验。强调父母应支持孩子自由创作，避免用成人标准干预其创作过程，并通过引导帮助孩子发现与表达对世界的认知与感受。

A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favorites/web/CollectController.java. The manipulation of the argument url leads to server-side request forgery. This vulnerability is known as CVE-2025-8529. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. This vulnerability is traded as CVE-2025-8528. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown processing of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/SecurityController.java of the component Swagger. The manipulation of the argument loginUrl leads to server-side request forgery. The identification of this vulnerability is CVE-2025-8527. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. This vulnerability was named CVE-2025-8526. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-8525. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #622176 / VDB-318655

2024 年第 28 届国际 Ｃ 语言混乱代码大赛（IOCCC, The International Obfuscated C Code Contest）公布了获奖作品，其中包括 OpenRISC 32 位 CPU 模拟器、能运行 Doom 的虚拟机，号称世界最小的大模型推理引擎（基于 70 亿参数的 Meta 开源模型 LLaMA 2），等等。IOCCC 是一项国际程序设计赛事，旨在写出最有创意和最让人难以理解的 C 语言代码。从 1984 年开始，该赛事基本每年举办一次，但有过多次中断，IOCCC28 是为了纪念比赛创办 40 周年。

Submit #622175 / VDB-318654

Submit #622174 / VDB-318653

Submit #622173 / VDB-318652

Submit #622172 / VDB-318651

Вы верите в один текст. Но на каждое слово — по 4 версии.

A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.boquanhash.dotwallet. The manipulation leads to improper export of android application components. This vulnerability is handled as CVE-2025-8524. The attack needs to be approached locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.