Aggregator

A vulnerability has been found in kalcaddle kodbox 1.64 and classified as problematic. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in cross-site request forgery. This vulnerability is known as CVE-2026-4590. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the component fileGet Endpoint. Such manipulation of the argument path leads to server-side request forgery. This vulnerability is traded as CVE-2026-4589. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic key . This vulnerability appears as CVE-2026-4588. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

原域名已变更且将在2024年彻底废弃，请访问 https://govuln.com/news/ 查看新的RSS订阅

一年一度的两会，是观察国家政策走向的重要窗口。2026年政府工作报告已经新鲜出炉，其中关于网络安全的表述，字字千钧。今天，我们就来深度拆解这份报告背后的安全信号。本次报告明确提出：“健全数据要素基础制度，强化数据安全与个人信息保护，完...

一年一度的两会，是观察国家政策走向的重要窗口。2026年政府工作报告已经新鲜出炉，其中关于网络安全的表述，字字千钧。今天，我们就来深度拆解这份报告背后的安全信号。本次报告明确提出：“健全数据要素基础制度，强化数据安全与个人信息保护，完...

一年一度的两会，是观察国家政策走向的重要窗口。2026年政府工作报告已经新鲜出炉，其中关于网络安全的表述，字字千钧。今天，我们就来深度拆解这份报告背后的安全信号。本次报告明确提出：“健全数据要素基础制度，强化数据安全与个人信息保护，完...

本文将大部分沙箱的内容做了小结，针对不同沙箱类型对绕过手法进行了分类，内容较多敬请谅解

skill介绍、skill使用、开发属于自己的skill。

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware – malware analysis   DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation AI Coding Tools Under Fire: […]

本文收集了软件安全赛2026线上初赛全部题的wp

本文对帆软FineReport的项目结构，路由映射和历史漏洞进行详细分析，旨在为想要审计帆软报表的读者提供详尽的入门指南。

PyTorch torch.export.load 隐藏的反序列化 RCE 漏洞

2026白帽大会 - 破局与重构：多模态AI Agent的红蓝对抗效率革命

2026阿里白帽大会 - Kaminsky重现：重新思考DNS辖区原则实现的安全性

A vulnerability classified as problematic was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. This vulnerability is reported as CVE-2026-4587. The attack can be launched remotely. No exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability classified as critical has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipulation of the argument File leads to os command injection. This vulnerability is documented as CVE-2026-4585. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

src漏洞挖掘分享，人生中第一个src漏洞

本文是一篇探讨如何将AI（尤其是大语言模型）与Web3智能合约安全审计深度结合的技术实践与方法论文章。基于实际工作经验，提出在AI时代，真正高效的自动化代码审计不应依赖简单的指令或具体的漏洞案例，而应回归“提示词编写（Prompt Engineering）”的基本功。

本文基于一套经过实战验证的安全审计 Skill 体系的设计与重构经验，系统讲解如何编写高质量的代码审计 Skill。