Aggregator

该文章介绍了Pentest-Windows项目——一个专为渗透测试设计的Windows环境。支持多种虚拟机（如VMware、Parallels Desktop、VirtualBox）及架构（包括x64和Arm64），内置360多种分类工具（如信息收集、漏洞扫描、端口扫描等），适用于网络安全攻防研究与实践。

A vulnerability was found in Red Hat OpenShift Lightspeed Service. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component API. The manipulation leads to resource consumption. This vulnerability is known as CVE-2025-2586. The attack can be launched remotely. There is no exploit available.

文章讨论了网络安全等级测评中存在的低价竞争问题，指出三级测评现场工作需200小时以上，人工成本远超两万元。低价导致服务质量下降、合规性存疑及人证不符风险。

欧盟议会重新提出法案强制扫描应用通信内容阻止儿童性虐待材料传播，影响WhatsApp等端到端加密应用。法案若通过将在2025年执行，破坏加密体系。政府军方账户豁免。部分国家支持。

手脱Linux下的UPX变形壳样本

当前环境出现异常,需完成验证后方可继续访问。

美国执法机构与多国合作摧毁BlackSuit勒索软件团伙的关键基础设施，缴获服务器等资产并接管其网站。该团伙曾以450多个实体为目标获取超3.7亿美元赎金。部分成员已转向新勒索软件Chaos。

Two weeks ago, the ransomware gang’s darknet extortion sites were seized in an operation involving police from more than nine countries including Germany, France and the United Kingdom.

A vulnerability classified as critical has been found in PostHog. Affected is an unknown function of the component ClickHouse Table Function Handler. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-1520. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in GitLab Enterprise Edition up to 17.7.6/17.8.4/17.9.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2025-1257. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.7.6/17.8.4/17.9.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2025-0652. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Brizy Pro Plugin up to 2.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2025-26901. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Brizy Pro Plugin up to 2.6.1 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-26902. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Luxion KeyShot Viewer. Affected by this issue is some unknown functionality of the component KSP File Parser. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2025-1045. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Luxion KeyShot. This affects an unknown part of the component PVS File Parser. The manipulation leads to uninitialized pointer. This vulnerability is uniquely identified as CVE-2025-1047. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Luxion KeyShot and classified as critical. This vulnerability affects unknown code of the component SKP File Parser. The manipulation leads to use after free. This vulnerability was named CVE-2025-1046. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in GitLab Enterprise Edition up to 17.8.6/17.9.5/17.10.3 and classified as problematic. This vulnerability affects unknown code of the component Keyword Handler. The manipulation leads to information exposure through error message. This vulnerability was named CVE-2024-11129. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in VJInfotech WP Import Export Lite Plugin up to 3.9.27 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-2839. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition up to 17.8.6/17.9.5/17.10.3. Affected by this vulnerability is an unknown functionality of the component IP Restrictions Handler. The manipulation leads to insufficient granularity of access control. This vulnerability is known as CVE-2025-2408. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.9.5/17.10.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to debug messages revealing unnecessary information. This vulnerability is known as CVE-2025-2469. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.