Aggregator
.NET内网实战:通过 Windows 系统服务注册表值实现权限维持
10 months ago
红队视角下的 IIS 资产速查工具 Sharp4WebManager
10 months ago
当前环境出现异常问题,需完成验证后才能继续访问。
.NET 安全攻防知识交流社区
10 months ago
当前环境异常,请完成验证以继续访问。
.NET内网实战:通过 Windows 系统服务注册表值实现权限维持
10 months ago
当前环境出现异常,需完成验证后方可继续访问。
网络安全行业需要更少的产品,更好的产品
10 months ago
本文分析网络安全行业的同质化困境,指出头部厂商陷入“效率陷阱”,初创企业误入“对标竞争”。作者主张先明确战略定位,再追求效率;通过聚焦 ICP 与 JTBD来定义“好产品”。唯有“更少、更好”,行业才能真正复苏。
CVE-2025-30875 | WP Weixin Theme up to 1.3.16 on WordPress cross site scripting
10 months ago
A vulnerability was found in WP Weixin Theme up to 1.3.16 on WordPress. It has been rated as problematic. This impacts an unknown function. The manipulation leads to cross site scripting.
This vulnerability is documented as CVE-2025-30875. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2025-32688 | Target Video Easy Publish Plugin up to 3.8.5 on WordPress Shortcode do_shortcode authorization
10 months ago
A vulnerability, which was classified as critical, was found in Target Video Easy Publish Plugin up to 3.8.5 on WordPress. The impacted element is the function do_shortcode of the component Shortcode Handler. Executing manipulation can lead to missing authorization.
This vulnerability appears as CVE-2025-32688. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2025-39541 | WP Simple Booking Calendar Plugin up to 2.0.13 on WordPress authorization
10 months ago
A vulnerability classified as critical was found in WP Simple Booking Calendar Plugin up to 2.0.13 on WordPress. This affects an unknown function. Executing manipulation can lead to missing authorization.
This vulnerability is registered as CVE-2025-39541. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2025-39523 | GoodBarber Plugin up to 1.0.26 on WordPress redirect
10 months ago
A vulnerability labeled as problematic has been found in GoodBarber Plugin up to 1.0.26 on WordPress. Affected by this issue is some unknown functionality. Such manipulation leads to open redirect.
This vulnerability is documented as CVE-2025-39523. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2025-39553 | andy_moyle Church Admin Plugin up to 5.0.9 on WordPress information disclosure
10 months ago
A vulnerability described as problematic has been identified in andy_moyle Church Admin Plugin up to 5.0.9 on WordPress. This vulnerability affects unknown code. Executing manipulation can lead to information disclosure.
This vulnerability appears as CVE-2025-39553. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2025-32486 | ho3einie Material Dashboard Plugin up to 1.4.6 on WordPress publicAjaxHandler random values
10 months ago
A vulnerability classified as critical has been found in ho3einie Material Dashboard Plugin up to 1.4.6 on WordPress. This issue affects the function publicAjaxHandler. The manipulation leads to insufficiently random values.
This vulnerability is traded as CVE-2025-32486. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-47437 | LiteSpeed Cache Plugin up to 7.0.1 on WordPress server-side request forgery
10 months ago
A vulnerability marked as critical has been reported in LiteSpeed Cache Plugin up to 7.0.1 on WordPress. Affected is an unknown function. The manipulation leads to server-side request forgery.
This vulnerability is traded as CVE-2025-47437. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-47570 | villatheme WooCommerce Photo Reviews Premium Plugin up to 1.3.13 on WordPress cross site scripting
10 months ago
A vulnerability was found in villatheme WooCommerce Photo Reviews Premium Plugin up to 1.3.13 on WordPress and classified as problematic. Impacted is an unknown function. The manipulation results in cross site scripting.
This vulnerability is reported as CVE-2025-47570. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2025-47569 | WooCommerce Ultimate Gift Card Plugin up to 2.8.10 on WordPress sql injection
10 months ago
A vulnerability was found in WooCommerce Ultimate Gift Card Plugin up to 2.8.10 on WordPress. It has been classified as critical. This issue affects some unknown processing. This manipulation causes sql injection.
This vulnerability is registered as CVE-2025-47569. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-47579 | Photography Plugin up to 7.5.2 on WordPress deserialization
10 months ago
A vulnerability classified as critical was found in Photography Plugin up to 7.5.2 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation results in deserialization.
This vulnerability is identified as CVE-2025-47579. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2025-47571 | Super Store Finder Plugin up to 6.9.7 on WordPress file inclusion
10 months ago
A vulnerability has been found in Super Store Finder Plugin up to 6.9.7 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to file inclusion.
This vulnerability is documented as CVE-2025-47571. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2025-10107 | TRENDnet TEW-831DR 1.0 (601.130.1.1410) /boafrm/formSysCmd sysHost command injection
10 months ago
A vulnerability has been found in TRENDnet TEW-831DR 1.0 (601.130.1.1410) and classified as critical. Impacted is an unknown function of the file /boafrm/formSysCmd. The manipulation of the argument sysHost leads to command injection.
This vulnerability is uniquely identified as CVE-2025-10107. The attack is possible to be carried out remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
微软Office两大高危漏洞,可导致恶意代码执行
10 months ago
微软针对Microsoft Office中的两个高危漏洞发布补丁,编号为CVE-2025-54910(严重)和CVE-2025-54906(重要)。前者通过预览窗格本地执行代码,后者需用户打开恶意文件。建议立即安装补丁以降低风险。
基础 | 突破内网拿到主机权限后的第一件事儿
10 months ago