Aggregator

The story of a signed UEFI application allowing a UEFI Secure Boot bypass

详解典型CVE内核漏洞，手把手教你掌握Windows内核漏洞分析、EXP编写与调试技巧

Palo Alto Networks Expedition 迁移工具曝多个关键漏洞，攻击者可利用这些漏洞执行任意命令并访问敏感防火墙凭证

看雪论坛作者ID：Gushang

内核，是一个操作系统的核心。是基于硬件的第一层软件扩充，提供操作系统的最基本的功能；是操作系统工作的基础，负责管理系统的进程、内存、设备驱动程序、文件和网络系统，决定着系统的性能和稳定性。本课程讲师，

Palo Alto Networks 近日披露了其 Expedition 迁移工具中的多个关键安全漏洞，这些漏洞可能使攻击者能够执行任意命令并访问敏感的防火墙凭证。这些漏洞包括一个操作系统命令注入漏洞

保护模式下通过段划分内存的权限以及访问的权限。x86 和 x64都有六个段寄存器(Segment Register)：DS: Data Segment 数据段 可读可写不可执行CS: Code Seg

ИИ помог украсть сотни тысяч у доверчивой женщины.

Технология безопасности раскрывает цифровые следы в мессенджере.

2025 begint duurzaam voor Defensie. Het ministerie is overgestapt op elektriciteit die volledig duurzaam op Nederlandse bodem is opgewekt, bijvoorbeeld met windmolens en zonnepanelen. Het gaat om ongeveer 365.000 megawatt voor heel Defensie. Dit komt voort uit een grote aanbesteding van de rijksoverheid.

The FBI says it has removed PlugX malware from thousands of infected co

在苹果、Meta 等美国科技巨头 CEO 都向当选总统特朗普示好之后，以隐私为卖点的邮件服务和 VPN 提供商 Proton CEO Andy Yen 也公开表达了对特朗普的“敬意”。在引

在苹果、Meta 等美国科技巨头 CEO 都向当选总统特朗普示好之后，以隐私为卖点的邮件服务和 VPN 提供商 Proton CEO Andy Yen 也公开表达了对特朗普的“敬意”。在引发争议之后，相关贴文被删除。Andy Yen 认为共和党如今在为小人物挺身而出，对科技巨头们开展的反垄断诉讼是始于特朗普的第一个任期。他称，10 年前共和党是代表大企业，而民主党是代表小人物，如今完全颠倒过来了。

A vulnerability was found in SilverStripe and classified as problematic. Affected by this issue is the function process of the file SSViewer.php. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2011-4958. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlink_dodel.php. The manipulation of the argument id leads to sql injection. This vulnerability was named CVE-2025-0489. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/article_dodel.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2025-0490. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/cat_dodel.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2025-0491. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-0492. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Process Maker pm4core-docker 4.1.21-RC7 and classified as problematic. This issue affects some unknown processing. The manipulation of the argument Name leads to cross site scripting. The identification of this vulnerability is CVE-2024-41453. The attack may be initiated remotely. There is no exploit available.