从"付费打卡"到"打卡捐花":一个公益小实验的诞生
如果你在用敲敲,更新到最新版本,面板顶部会出现小红花的入口。欢迎参与这个小实验,也欢迎告诉我们你的想法。
Aggregator
CVE-2025-13154
3 months ago
Currently trending CVE - Hype Score: 6 - An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.
DragonForce
3 months ago
You must login to view this content
cohenido
DragonForce
3 months ago
You must login to view this content
cohenido
Proofpoint acquires Acuvity to tackle the security risks of agentic AI
3 months ago
Proofpoint is snapping up the startup to solve the industry’s newest headache: knowing what your autonomous AI is actually doing.
The post Proofpoint acquires Acuvity to tackle the security risks of agentic AI appeared first on CyberScoop.
Greg Otto
安全合规、智能高效,威努特助力智慧矿山安全建设
3 months ago
护航矿山智能化高质量转型。
Daily Dose of Dark Web Informer - February 12th, 2026
3 months ago
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Dark Web Informer
Apple discloses first actively exploited zero-day of 2026
3 months ago
The vendor said the memory-corruption defect was exploited to target specific people, but it did not describe the objectives of the attack.
The post Apple discloses first actively exploited zero-day of 2026 appeared first on CyberScoop.
Matt Kapko
CVE-2026-1458 | GitLab Community Edition/Enterprise Edition up to 18.6.5/18.7.3/18.8.3 allocation of resources (Nessus ID 298790)
3 months ago
A vulnerability, which was classified as problematic, was found in GitLab Community Edition and Enterprise Edition up to 18.6.5/18.7.3/18.8.3. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to allocation of resources.
This vulnerability is handled as CVE-2026-1458. The attack can be executed remotely. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2025-12059 | Logo j-Platform up to 13112025 file information disclosure
3 months ago
A vulnerability marked as problematic has been reported in Logo j-Platform up to 13112025. Affected is an unknown function. Performing a manipulation results in file and directory information exposure.
This vulnerability is identified as CVE-2025-12059. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2025-64075 | ZBT WE2001 23.09.27 Cookie check_token path traversal
3 months ago
A vulnerability labeled as critical has been found in ZBT WE2001 23.09.27. This issue affects the function check_token of the component Cookie Handler. The manipulation results in path traversal.
This vulnerability was named CVE-2025-64075. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2025-65480 | Pacom Unison Client 5.13.1 Report Template cross site scripting
3 months ago
A vulnerability was found in Pacom Unison Client 5.13.1. It has been rated as problematic. The impacted element is an unknown function of the component Report Template Handler. This manipulation causes cross site scripting.
This vulnerability appears as CVE-2025-65480. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2025-69874 | unjs nanotar up to 0.2.0 Tar parseTar/parseTarGzip path traversal
3 months ago
A vulnerability marked as critical has been reported in unjs nanotar up to 0.2.0. Affected by this vulnerability is the function parseTar/parseTarGzip of the component Tar Handler. The manipulation leads to path traversal.
This vulnerability is uniquely identified as CVE-2025-69874. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-70029 | SunbirdEd 1.13.4 TLS/SSL certificate validation
3 months ago
A vulnerability was found in SunbirdEd 1.13.4. It has been rated as critical. Affected is an unknown function of the component TLS/SSL. Performing a manipulation results in improper certificate validation.
This vulnerability is reported as CVE-2025-70029. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-70084 | OpenSatKit 2.2.1 FileUtil_GetFileInfo path traversal
3 months ago
A vulnerability categorized as critical has been discovered in OpenSatKit 2.2.1. Affected by this vulnerability is the function FileUtil_GetFileInfo. Executing a manipulation can lead to path traversal.
This vulnerability appears as CVE-2025-70084. The attack may be performed from remote. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2025-70083 | OpenSatKit 2.2.1 DirName stack-based overflow
3 months ago
A vulnerability classified as critical was found in OpenSatKit 2.2.1. This issue affects some unknown processing. Executing a manipulation of the argument DirName can lead to stack-based buffer overflow.
This vulnerability is handled as CVE-2025-70083. The attack can only be done within the local network. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-70085 | OpenSatKit 2.2.1 file.c FILE_ConcatenateCmd stack-based overflow
3 months ago
A vulnerability labeled as critical has been found in OpenSatKit 2.2.1. Affected is the function FILE_ConcatenateCmd of the file file.c. Executing a manipulation can lead to stack-based buffer overflow.
This vulnerability is handled as CVE-2025-70085. The attack can only be done within the local network. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
香港科技大学 | 评估与增强大语言模型解决夺旗赛挑战的能力
3 months ago
本文首次对LLM在CTF领域的核心技术知识进行了系统测量,并基于发现的问题提出了有效的增强方案。
Threat Attack Update - February 12th, 2026
3 months ago
Threat Attack Update - February 12th, 2026
Dark Web Informer
CVE-2025-33042 | Apache Avro Java SDK up to 1.11.4/1.12.0 Schema Record Generator code injection
3 months ago
A vulnerability classified as critical has been found in Apache Avro Java SDK up to 1.11.4/1.12.0. Affected by this issue is some unknown functionality of the component Schema Record Generator. This manipulation causes code injection.
This vulnerability is handled as CVE-2025-33042. The attack can be initiated remotely. There is not any exploit available.
It is recommended to upgrade the affected component.
vuldb.com