Aggregator

敏感信息泄露常见但难以追踪，本文结合OWASP场景深入分析，提供利用与防护建议。

A vulnerability classified as problematic has been found in Google Go 1.23/1.24. Affected is an unknown function of the component net-http. The manipulation leads to http request smuggling. This vulnerability is traded as CVE-2025-22871. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Fortinet FortiSIEM up to 6.5.1/6.6.3/6.7.2/7.0.0. It has been rated as very critical. This issue affects some unknown processing of the component GUI. The manipulation leads to relative path traversal. The identification of this vulnerability is CVE-2023-40714. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OSRF ROS Indigo Igloo/Kinetic Kame/Melodic Morenia. It has been declared as critical. This vulnerability affects the function yaml.load of the component dynparam. The manipulation leads to deserialization. This vulnerability was named CVE-2024-39780. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

Currently trending CVE - Hype Score: 26 - A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative ...

本文深入剖析D-Link DWR-932B路由器的固件安全，揭示可能导致攻击者未经授权访问和控制设备的严重漏洞，包括硬编码凭据、弱根密码以及管理与更新机制中的关键缺陷，如未认证的远程命令执行和不安全的固件更新协议。研究采用静态与动态分析相结合的方法，并通过逆向工程定位问题。本文可能存在一些不足，请大家斧正！此分析提醒人们在不断扩展的IoT生态系统中，强化安全实践的重要性，适合安全爱好者、网络管理员

一项对年轻男性的研究发现，冷水浸泡可能会使身体更健康，并在细胞层面预防疾病、延缓衰老。在研究中，共有 10 名健康男性接受了浸泡实验，他们连续 7 天浸泡于 14°C 的冷水中 1 小时，并由研究人员在适应期前后采集血液样本，以分析他们的细胞反应。研究显示，尽管高强度冷应激最初会导致自噬功能失调，但持续一周的暴露使自噬活性增强并同时减少细胞损伤信号。研究为冷水浸泡的效果提供了科学支持，凸显了适应性方案在提升人类健康中的重要性，尤其适用于暴露于极端温度的场景。需要注意的是，该研究结果仅适用于年轻男性，其他人群的效果仍需进一步研究。

Даже анализ сетевого трафика не всегда выдаёт его присутствие.

The UK’s data protection regulator says it is overwhelmed with complaints from the public

不会绕WAF？那还不进来学习！一文教会你绕WAF思维，以及绕WAF的payload构造原理！

The NCSC’s CEO, Richard Horne on the new cyber governance resources giving Boards the tools they need to govern cyber security risks.

Apple backports three critical vulnerabilities actively exploited in attacks against older iOS and macOS models. Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions. The three vulnerabilities are: Apple released the following updates: that are available for the following devices: Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs – hacking, newsletter)

Сервис оставил российских пользователей за бортом.

小迪安全2024内网靶场-VPC1 & VPC2 & VPC3

A vulnerability was found in Vasion Print Virtual Appliance Host and classified as problematic. Affected by this issue is some unknown functionality of the component Antivirus Protection. The manipulation leads to protection mechanism failure. This vulnerability is handled as CVE-2025-27665. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Vasion Print Virtual Appliance Host. Affected is an unknown function. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2025-27666. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host up to 22.0.842 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The identification of this vulnerability is CVE-2025-27678. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host up to 22.0.842. It has been classified as critical. Affected is an unknown function. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2025-27669. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component User Email Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-27667. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Vasion Print Virtual Appliance Host. This affects an unknown part. The manipulation leads to improper verification of cryptographic signature. This vulnerability is uniquely identified as CVE-2025-27670. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.