Aggregator

A vulnerability has been found in MediaMonkey 4.1.23.1881 and classified as problematic. This vulnerability affects unknown code of the component MP3 Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2019-25571. The attack can only be performed from a local environment. Furthermore, an exploit is available.

Bitrefill подводит итоги взлома.

全世界可能多达九成的人感染了人类多瘤病毒 2——aka JC 病毒，以首位分离出该病毒的患者 John Cunningham 的名字首字母命名。除非被激活，对大部分人而言这种病毒不会有症状。如果激活，病毒会破坏大脑，导致“进行性多灶性白质脑病（缩写 PML）”。PML 型的 JC 病毒会破坏特定的脑细胞，导致神经细胞功能障碍和死亡。PML 被认为非常罕见，但在艾滋病出现之后，在流行早期有 2% 至 5% 的 HIV 感染者会同时出现 PML。这意味着艾滋病相关联的严重免疫抑制可能是 PML 的一种激活条件。现在，根据发表在《Annals of Internal Medicine Case》期刊上的一项研究，研究人员报告了 PML 的另一种可能的激活条件——慢性肾脏病。相比 HIV，慢性肾脏病影响全世界十分之一的人口，慢性肾脏病激活 PML 型 JC 病毒可能会带来严重后果，需要警惕。

漏洞来源一个评分十分的漏洞漏洞描述WeKnora 是一个基于 LLM 的框架，旨在实现深度文档理解和语义检索。在 0.2.12 版本之前，该应用程序的数据库查询功能存在远程代码执行 (RCE) 漏洞。验证系统未能递归检查 PostgreSQL 数组表达式和行表达式中的子节点，这使得攻击者能够绕过 SQL 注入保护。攻击者可以通过在这些表达式中嵌入危险的 PostgreSQL 函数，并将其与大型对象

今日暂未更新资讯~
更多最新文章，请访问SecWiki

记一次漏洞挖掘，借鉴的是D-Link DIR 615645815 service.cgi远程命令执行漏洞的思路，定位system危险函数，然后去看看能否控制参数等。

学点高级玩意儿

针对25年较新的一套SpringBoot+Vue在线教育(在线学习)系统进行代码审计

A vulnerability labeled as critical has been found in Craft CMS up to 4.17.4/5.9.10. This affects the function replaceFile. Such manipulation of the argument targetFilename leads to path traversal. This vulnerability is documented as CVE-2026-32262. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in Chamilo LMS up to 1.11.35. This impacts an unknown function. Performing a manipulation of the argument keyword results in cross site scripting. This vulnerability is reported as CVE-2026-30882. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as problematic has been found in Mattermost up to 11.2.2/11.3.0. Affected by this vulnerability is an unknown functionality of the component Playbook Run API. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2026-26304. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 10.11.10/11.3.x. Affected by this issue is some unknown functionality of the component Private Channel Handler. The manipulation results in operation on a resource after expiration. This vulnerability is known as CVE-2026-1629. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in Mattermost up to 10.11.10/11.3.x. This affects an unknown part of the component API Endpoint. This manipulation causes incorrect authorization. This vulnerability is handled as CVE-2026-26230. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Forgejo up to 13.0.3. It has been classified as problematic. The affected element is an unknown function of the component File Attachment Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2025-68971. Remote exploitation of the attack is possible. No exploit is available.

针对厂区接入云端高敏AI模型的迫切需求，本文提出采用IPsec VPN实现低成本、高安全的云地互联方案。文章简述IPsec工作原理，并提供可参考的实战架构拓扑、加密策略、访问控制的安全实战落地指南。

记录 Wiz Cloud Hunting Games CTF 的完整调查过程：从 S3 数据外泄溯源，到 CloudTrail 追踪、Overlay 日志隐藏识别，再到持久化清除。

GhostClaw macOS 窃密恶意软件的最新攻击动向。 该恶意活动原本以恶意 npm 包为主要传播载体，而最新监测发现，攻击者已将攻击范围大幅拓展，通过仿冒合法项目的 GitHub 仓库、劫持 AI 辅助开发工作流两大新路径实施规模化供应链攻击，可绕过传统安全防护，窃取目标设备的系统凭证与敏感数据，影响范围从专业开发者群体扩大至普通 macOS 用户与自动化开发流程。 该攻击已跳出早期 npm 包单一投递模式，新增两大主流感染途径： 一是恶意 GitHub 仓库，仿冒交易机器人、开发 SDK 等合法工具，采用 “先上传良性代码养号、后植入恶意组件” 的分阶段部署手法，部分仓库积累超 380 个星标强化伪装可信度，通过 README 诱导用户执行 curl 拉取的远程 shell 命令，绕过包管理器安全防护； 二是 AI 辅助开发工作流定向攻击，通过 SKILL.md 文件伪装 OpenClaw 等框架的技能插件，利用 AI 编码智能体自动执行安装脚本，实现无人工干预的静默感染。 全流程采用无需管理员权限的轻量化多阶段载荷设计： ①初始引导阶段，install.sh 脚本伪装 Node.js 环境部署，通过 curl -k 参数禁用 TLS 证书校验，通过 GHOST_PASSWORD_ONLY 环境变量切换交互式安装 / 静默窃取双模式，衔接后续恶意载荷； ②核心窃密阶段，高度混淆的 setup.js 载荷伪造系统安装进度与 macOS 原生认证弹窗，调用系统原生 dscl 命令校验并窃取用户密码，诱导开启全磁盘访问权限，对接 C2 域名 trackpipe.dev 拉取加密的 GhostLoader 二级载荷，以分离进程执行后删除临时文件，通过伪装 npm 系统路径实现持久化； ③反取证阶段，postinstall.js 清空终端攻击痕迹，伪装合法 npm 包安装制造溯源混淆，或输出虚假成功提示迷惑用户。 所有恶意变种复用单一 C2 域名 trackpipe[.]dev，通过 UUID 区分不同攻击渠道，以 NODE_CHANNEL 环境变量标记攻击迭代版本，核心目标为 macOS 平台的开发者与 AI 开发场景，最终实现系统凭证窃取与设备持久化控制。 具体报告信息： https://www.jamf.com/blog/ghostclaw-ghostloader-malware-github-repositories-ai-workflows/

A vulnerability categorized as problematic has been discovered in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login_page can lead to cross site scripting. This vulnerability is registered as CVE-2026-4544. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.