Aggregator

yii2.0.x框架文件上传风险分析

该环境为多个域环境组成，涵盖多个域内知识点及利用过程。

Заброшенный AgreeTo ожил и стал пожирать учетные данные как бешеный.

Linux版CS样本分析与配置解密

Microsoft’s February 10, 2026, security update KB5077181 for Windows 11 versions 24H2 (build 26200.7840) and 25H2 (build 26100.7840) has triggered widespread reports of critical boot failures just days after deployment. Users describe devices entering infinite restart loops, often exceeding 15 cycles, preventing access to the desktop. This cumulative update delivers essential security fixes alongside quality […]

The post Windows 11 KB5077181 Security Update Causing Some Devices to Restart in an Infinite Loop appeared first on Cyber Security News.

Инструмент тотального контроля внезапно стал объектом всеобщего обсуждения.

Диски нужны, чтобы чат-бот мог написать вам диплом.

Name: Breach Point CTF - Siege Of Troy(Online Round) (an Breach Point CTF event.)
Date: Feb. 14, 2026, 7:30 a.m. — 15 Feb. 2026, 07:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://breachpoint.live/
Rating weight: 0
Event organizers: BreachPoint-SOT

Name: TaipanByte’s Chart CTF (an TaipanByte CTF event.)
Date: Feb. 14, 2026, 10 a.m. — 15 Feb. 2026, 10:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://chart.taipanbyte.ru/
Rating weight: 0
Event organizers: TaipanByte

A vulnerability has been found in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25 and classified as problematic. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. This vulnerability is known as CVE-2026-2538. Attacking locally is a requirement. No exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. This vulnerability is traded as CVE-2026-2537. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #749345 / VDB-346126

A vulnerability, which was classified as problematic, has been found in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. This vulnerability appears as CVE-2026-2536. The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #749196 / VDB-346125

A vulnerability classified as critical was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results in command injection. This vulnerability is reported as CVE-2026-2535. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. This vulnerability is documented as CVE-2026-2534. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #748808 / VDB-346124

Submit #748807 / VDB-346124