Aggregator

A vulnerability classified as problematic has been found in MapTiler Tileserver-php 2.0. Affected is an unknown function. The manipulation of the argument layer leads to cross site scripting. This vulnerability is traded as CVE-2025-44136. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in TSplus Remote Access Admin Tool. Affected by this vulnerability is an unknown functionality. The manipulation leads to insufficiently protected credentials. This vulnerability is known as CVE-2025-5922. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Grandstream GXP1628 up to 1.0.4.130. Affected by this issue is some unknown functionality of the component Directory Listing Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2025-28170. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in HCL BigFix Remote Control up to 10.1.0.0248. This affects an unknown part. The manipulation leads to authentication bypass by primary weakness. This vulnerability is uniquely identified as CVE-2025-31965. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in JetBrains TeamCity and classified as critical. This issue affects some unknown processing. The manipulation leads to incorrect default permissions. The identification of this vulnerability is CVE-2025-54530. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in JetBrains TeamCity on Windows. Affected is an unknown function of the component Plugin Unpacking. The manipulation leads to relative path traversal. This vulnerability is traded as CVE-2025-54531. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Pwn2Own赛事将在爱尔兰举行，比赛将于2025年10月21日至24日举行。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

同源策略（SOP）是浏览器的安全机制，限制不同网站脚本间的交互。它通过协议、域名和端口判断资源是否来自同一来源。若来源不同，则禁止脚本访问或操作其他网站的数据和资源。

文章介绍了HTTP协议中的Cookies机制及其作用。Cookies是元数据，用于跟踪无状态的HTTP会话。网站通过Set-Cookie头在浏览器中设置Cookies，并在后续请求中包含这些信息以识别用户。文章详细解释了Cookie的属性（如Domain、Path、Secure）及其生命周期管理，并通过示例演示了如何设置和使用HttpOnly标志以增强安全性。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

面向军警单位的安全保密专项大礼包来了~

文章探讨了云基础设施安全中的关键挑战，包括身份管理、访问控制和资源配置中的配置错误。Azure、GCP和AWS平台均面临潜在攻击风险，如过度权限角色、公开存储容器及暴露的服务主体凭证。红队可利用这些漏洞进行权限提升、数据外泄或持久化访问。防御措施包括强化IAM策略、监控日志及使用安全工具。

Let me take you on an exciting journey of how I uncovered a massive security flaw in a professional

作者发现了一个类似LinkedIn的专业社交平台的重大安全漏洞。通过利用聊天功能中的XSS漏洞，他成功接管了目标账户，并最终公开披露该漏洞以引起重视。

文章介绍了一种利用OSINT（公开来源情报）和工具（如CeWL和Hashcat）生成定制密码列表的方法，用于解决Hack The Box模块中的密码攻击练习。通过收集目标个人信息、生成初始词典、组合扩展和应用规则变换，最终创建符合密码策略的候选列表，并使用Hashcat尝试破解目标哈希值。

Swagger UI 是一个用于可视化和交互 API 端点的开源工具，但暴露或配置不当可能导致安全风险如 XSS 和 HTML 注入。常见问题包括缺乏访问控制和输入验证。使用 Subfinder 收集子域名有助于发现潜在漏洞。

Swagger UI 是一个帮助开发者与API交互的工具。暴露或配置不当可能导致安全漏洞如XSS和注入。常见问题包括缺乏访问控制和输入清理。使用Subfinder收集子域名有助于发现潜在风险。

Here’s My 3-Year Self-Taught JourneyThis is my Journey my story about what i did in these past years

三年前，作者因对技术的热爱而辍学，并通过自学成为网络安全专家。尽管面临家人和朋友的质疑，他凭借毅力和努力，在网络安全领域取得了显著成就，并通过写作和研究进一步发展了自己的事业。