Aggregator

A vulnerability classified as problematic was found in GStreamer up to 1.10.1. This vulnerability affects the function _parse_pat of the component mpegts Parser. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2016-9813. It is possible to launch the attack remotely. Furthermore, an exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Host. The impacted element is an unknown function of the component IPv6 Fragmentation Handler. This manipulation causes code (Generic). This vulnerability is handled as CVE-2016-10142. The attack can be initiated remotely. There is not any exploit available. Due to its background and reception, this vulnerability has an historic impact. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in ntopng up to 2.4. Impacted is an unknown function of the file admin/add_user.lua. Such manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2017-5473. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in Serendipity up to 2.0.5 and classified as critical. The affected element is an unknown function of the file comment.php. Performing a manipulation results in open redirect. This vulnerability was named CVE-2017-5474. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Serendipity up to 2.0.5 and classified as problematic. The impacted element is an unknown function of the file comment.php. Executing a manipulation can lead to cross-site request forgery. The identification of this vulnerability is CVE-2017-5475. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Serendipity up to 2.0.5. It has been classified as problematic. This affects an unknown function of the component Event Plugin/Sidebar Plugin. The manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2017-5476. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in Juniper Junos. The affected element is an unknown function of the component ICMPv6 Fragment Handler. Performing a manipulation results in code. This vulnerability is known as CVE-2016-10142. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

New StorybyGooglebyGoogle@googleGoogle develops search, advertising, cloud, and AI technologies at

New StorybyAstounding StoriesbyAstounding Stories@astoundingstoriesDare to dream. Dare to go where

Spring Boot CloudFoundry Actuator 认证绕过漏洞 CVE-2026-22733

该文章介绍了一道 Node.js CTF 题目的解题思路：攻击者首先利用 /changepassword 接口的 merge() 函数原型链污染漏洞，注入 isAdmin: true 提权为管理员；随后通过 CVE-2026-22709 绕过 vm2 沙箱执行任意命令；最后利用 root 权限的 /backup.sh 定时脚本，将 /flag 内容写入静态目录实现读取。核心链：原型污染提权 → v

小0day；CodeParser.parse_callable_details() 方法在解析函数的返回类型注解时，将注解字符串通过 ast.unparse() 提取后直接传递给 eval() 执行。

iscc2026web方向wp

在契约锁电子签章系统的安全审计中，通过分析官方补丁包发现一处逻辑漏洞：短信验证码校验可被绕过，导致任意用户注册。尽管登录环节设置了短信验证码及多项参数校验，但由于短信发送条件判断存在歧义，且注册与登录流程过度耦合，形成了一条完整的攻击路径。

钓鱼网站利用AI生成逼真页面、仿冒官方域名排名，诱导用户下载携带恶意载荷的“WinRAR安装包”。

本文详细分析了 cPanel & WHM 认证绕过漏洞（CVE-2026-41940）的原理与复现过程，该漏洞源于系统会话机制未严格过滤换行符（CRLF），未授权攻击者可利用此缺陷，在预认证阶段将伪造的 root 权限标识注入至底层 Session 文件中。随后通过触发缓存提升机制使恶意数据生效，从而直接绕过登录校验，获取WHM 管理员权限。

一文讲明js原型链污染原理及概念误区，包含常见绕过思路

在某次攻防下遇到的edr环境,对其进行挖掘,发现可以滥用的程序

德国萨克森州经济部长迪尔克·潘特表示，在德国汽车产业面临转型压力之际，应以更务实态度看待与中国汽车制造商的合作，可通过合资等形式引入中国合作伙伴参与该州汽车工厂生产。潘特在萨克森州经济部11日发表的声

Новая уязвимость в Windows позволяет стать полноправным хозяином чужого компьютера.