Aggregator

漏洞来源一个满评分漏洞漏洞描述enclave-vm 是一个基于 Node.js 的 JavaScript 沙箱工具，专为运行 AI 代理代码设计，目标是：隔离不可信的用户代码，在受限环境中执行 JavaScript，防止恶意代码访问文件系统、网络等敏感资源。它使用了 Node.js 的 VM 模块 或类似的机制构建隔离环境，但依赖于 JavaScript 的原型链和对象继承机制。在 enclave

A vulnerability categorized as problematic has been discovered in phpkobo AjaxNewTicker 1.0.5. The affected element is an unknown function of the file index.php. Such manipulation of the argument cmd leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-41453. The attack can be launched remotely. No exploit exists.

A vulnerability was found in phpkobo AjaxNewTicker 1.0.5. It has been declared as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument txt results in cross site scripting. This vulnerability is known as CVE-2023-41451. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in phpkobo AjaxNewTicker 1.0.5. It has been rated as problematic. Impacted is an unknown function of the file index.php. This manipulation of the argument txt causes cross-site request forgery. This vulnerability is handled as CVE-2023-41452. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as critical has been identified in phpkobo AjaxNewsTicker 1.0.5. Affected is an unknown function. The manipulation of the argument reque results in code injection. This vulnerability is identified as CVE-2023-41450. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in phpkobo AjaxNewTicker 1.0.5. It has been classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument ID leads to cross site scripting. This vulnerability is traded as CVE-2023-41448. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability marked as critical has been reported in phpkobo AjaxNewsTicker 1.0.5. This impacts an unknown function. The manipulation of the argument reque leads to server-side request forgery. This vulnerability is referenced as CVE-2023-41449. Remote exploitation of the attack is possible. No exploit is available.

Киберпреступники теперь знают, где находится каждый корпоративный смартфон.

攻击者不需要破解模型、不需要对抗训练，只需要找到上下文污染的入口，就能让Agent自己执行攻击。

JWT密钥硬编码+JDBC URL参数未过滤，导致未授权任意文件读取及RCE漏洞。

漏洞来源漏洞描述vLLM 是一个用于大型语言模型 (LLM) 的推理和服务引擎。在 0.10.2 到 0.11.1 版本之前，其补全 API 端点存在一个内存损坏漏洞，可能导致程序崩溃（拒绝服务攻击）甚至远程代码执行 (RCE)。该漏洞在处理用户提供的提示嵌入时，使用 `torch.load()` 加载序列化张量，但缺乏充分的验证。由于 PyTorch 2.8.0 引入的一项变更，稀疏张量完整性检

LLM安全护栏攻防对抗

Name: Eschaton CTF 2026 Quals (an Eschaton CTF event.)
Date: Jan. 31, 2026, 4:30 a.m. — 01 Feb. 2026, 04:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://esch26.mcsc.space/
Rating weight: 23.42
Event organizers: Team MCSC

Name: PascalCTF 2026 (an PascalCTF event.)
Date: Jan. 31, 2026, 8 a.m. — 01 Feb. 2026, 08:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.pascalctf.it/
Rating weight: 23.94
Event organizers: Paolo

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: When open science meets real-world cybersecurity In this Help Net Security interview, Matthew Kwiatkowski, CISO at Fermilab, America’s particle physics and accelerator laboratory, discusses where cybersecurity blind spots emerge, why availability can outweigh confidentiality, and how security teams protect complex, legacy-driven research infrastructure while supporting scientific progress. Inside Microsoft’s veteran-to-tech workforce pipeline In this Help Net Security interview, Chris Cortez, … More →

The post Week in review: Microsoft fixes exploited Office zero-day, Fortinet patches FortiCloud SSO flaw appeared first on Help Net Security.

Лента событий, заметки и экспорт для отчета, но самое интересное, насколько удобно это в боевом темпе.

A vulnerability was found in Linux Kernel up to 6.6.83/6.12.19/6.13.7. It has been declared as critical. Impacted is the function corrupt_bio_byte. Such manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-21966. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.83/6.12.19/6.13.7. The impacted element is the function ksmbd_free_work_struct. Executing a manipulation can lead to use after free. This vulnerability is handled as CVE-2025-21967. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.19/6.13.7. It has been rated as critical. The affected element is the function scx_bpf_select_cpu_dfl. Performing a manipulation results in denial of service. This vulnerability is known as CVE-2025-21965. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.1.131/6.6.83/6.12.19/6.13.7. This affects an unknown function of the component cifs. The manipulation results in integer overflow. This vulnerability is identified as CVE-2025-21963. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.