OpenClaw(原名Clawbot,又名Moltbook)专题
爆火的OpenClaw(原名Clawbot,被A公司告了,又改名Moltbook,再改名OpenClaw)。
Aggregator
Alleged Sale of Uganda Public Service Commission Job Application Database Containing 7.5 GB of Applicant Records
3 months 2 weeks ago
Alleged Sale of Uganda Public Service Commission Job Application Database Containing 7.5 GB of Applicant Records
Dark Web Informer
What new technologies are boosting Agentic AI capabilities
3 months 2 weeks ago
How Are Non-Human Identities Revolutionizing Cybersecurity? Did you know that machine identities, also known as Non-Human Identities (NHIs), are becoming pivotal? With digital continues to expand, the need for robust security measures grows in parallel. NHIs, a crucial component, are quickly transforming the way organizations approach security, particularly in cloud-based environments. The Role of Non-Human […]
The post What new technologies are boosting Agentic AI capabilities appeared first on Entro.
The post What new technologies are boosting Agentic AI capabilities appeared first on Security Boulevard.
Alison Mack
halo博客系统代码审计
3 months 2 weeks ago
环境搭建https://github.com/halo-dev/halo/releases/tag/v0.4.3白盒审计任意文件删除filename参数被引用位置如图所示srcPath:拼接用户主目录+/halo/backup/+类型+文件名接着FileUtil.del方法进行删除,返回成功失败状态,目前看调用方法没有做防护操作,并且没有跨目录限制等操作测试在217行打断点前台地址找到delBac
用友NC UserSynchronizationServlet 反序列化漏洞分析
3 months 2 weeks ago
漏洞介绍用友NC系统UserSynchronizationServlet方法存在反序列化漏洞,攻击者可执行任意命令,获取敏感信息。 影响版本用友NC6.5漏洞分析漏洞位于nc.bs.pub.im.UserSynchronizationServlet接口漏洞代码:很明显的反序列化漏洞, 接收POST请求时,读取了输入流,之后对输入流方法进行in.readObject()造成了反序列化漏洞 接下来构造
JFinal CMS 5.1.0反序列化漏洞分析
3 months 2 weeks ago
危险函数ObjectInputStream.readObject()ObjectInputStream.readUnshared()XMLDecoder.readObject()XStream.fromXML()Yaml.load()ObjectMapper.readValue()JsonMapper.readValue()JSON.parseObject()JSON.parse()Gson.fr
禅道PMS漏洞挖掘之旅
3 months 2 weeks ago
本文披露禅道PMS 21.7.6中的3个安全漏洞,包括2个SSRF和1个文件删除水平越权,其中2个获CVE编号。
CVE-2025-11953 React Native CLI 远程代码执行 深度解析和复现
3 months 2 weeks ago
CVE-2025-11953 React Native CLI
AI模型水印与后门检测:构建可信赖的AI供应链
3 months 2 weeks ago
AI模型水印与后门检测
绕过 AI 检测:用迭代器构建“合法”恶意代码
3 months 2 weeks ago
前言在现代 Web 应用安全攻防中,攻击者不断演化其技术手段,以规避日益智能的检测机制。传统的基于关键词匹配或简单语法分析的安全防护(如 WAF、SAST 工具甚至部分 AI 驱动的代码扫描系统)正面临严峻挑战,恶意代码不再以明文形式暴露危险函数或命令,而是通过逻辑拆分、数据混淆、运行时重构等高级技巧,将攻击载荷(payload)伪装成合法的业务逻辑。AI检测的思路AI 检测 WebShell 的
DragonForce
3 months 2 weeks ago
You must login to view this content
cohenido
内网渗透-ADCS环境搭建与漏洞利用分析
3 months 2 weeks ago
在生产环境中严禁将证书服务(ADCS)安装在域控制器(DC)上,强烈建议单独部署专用服务器承载证书服务。原因在于证书服务存在特殊特性——部署后无法修改服务器的计算机名称及网络参数,会严重限制DC的维护与扩展。一、环境搭建1. 环境清单主机角色操作系统账户信息备注父域控(DC)Windows Server 2016管理员:SUN\Administrator,密码:Qaz123.;普通用户:SUN\u
深入理解SpEL表达式注入
3 months 2 weeks ago
对这个sink做了重新的研究,同时排除掉之前的一些理解误区。
newbee-mall开源电商项目代码审计:水平越权、支付逻辑缺陷与文件上传漏洞
3 months 2 weeks ago
本文着重分析开源项目newbee-mall的未修复漏洞以及对CVE-2024-48178的思考。
一个反斜杠背后的玄机:未公开APT32样本的反沙箱绕过手法
3 months 2 weeks ago
APT32、shellcode实现驻留、shellcode化rust特马
Play
3 months 2 weeks ago
You must login to view this content
cohenido
Interlock
3 months 2 weeks ago
You must login to view this content
cohenido
Вместо Марса и Луны — разбор полетов. Почему провал H3 — не просто потеря спутника, а удар по всей космической программе Японии
3 months 2 weeks ago
Телеметрия показала падение давления, а камера зафиксировала повреждения спутника
基于AI的开源代码安全审计研究
3 months 2 weeks ago
基于AI的开源代码安全审计研究:通过生成接口文档辅助,对比智能体与Skill方法,Skill在漏洞识别准确率上表现更优,针对误报问题提出优化方案
CVE-2026-1746 | JeecgBoot 3.9.0 Online Report API loadDictItemByKeyword keyword sql injection
3 months 2 weeks ago
A vulnerability was found in JeecgBoot 3.9.0 and classified as critical. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection.
This vulnerability is documented as CVE-2026-1746. The attack can be executed remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com