Aggregator

本次分析的 CVE-2025-64111是 Gogs 平台因CVE-2024-56731 补丁修复不完整引发的二次高危远程命令执行漏洞。该漏洞存在于 Gogs ≤0.13.3 版本，核心因UpdateRepoFile函数的.git 路径校验覆盖不全、isRepositoryGitPath校验函数的设计缺陷，导致攻击者可通过符号链接路径映射或直接操控原始路径的方式绕过防护，篡改仓库.git/conf

禅道最新版的一个任意文件读取，两个任意文件删除

本文介绍什么是 Agent Hook，以及如何借助 Hook 机制在 AI 编程助手中实现「规范注入 + 事前拦截 + 事后扫描 + 安全审计」的安全闭环，并对公司相关信息做了脱敏处理。

根据源码了解pwn的常见的框架的编写

对mssql&mysql一次简洁且详细的总结

一些隐写方式和解题方法的总结及shp与vxl文件格式的简介

第二届“启航杯”网络安全挑战赛应急溯源全解

谁在偷窥你的键盘？揭秘潜伏在系统进程背后的“银狐”

re的进阶的知识，补充常见的理论以及新出现的wasm类型

2026年新春杯Misc方向所有题目的正反手解析

学点高级玩意儿

Learn how Zero-Knowledge Proofs (ZKP) provide verifiable tool execution for Model Context Protocol (MCP) in a post-quantum world. Secure your AI infrastructure today.

The post Zero-Knowledge Proofs for Verifiable MCP Tool Execution appeared first on Security Boulevard.

原域名已变更且将在2024年彻底废弃，请访问 https://govuln.com/news/ 查看新的RSS订阅

2026春秋杯wp

CVE-2026-23873 & CVE-2026-24479 审计过程

A vulnerability was found in Linux Kernel up to 6.1.157/6.6.113/6.12.54/6.17.4/6.18-rc1. It has been classified as critical. The affected element is an unknown function of the component Terms Of Mailbox API. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2025-40104. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.18-rc1. This impacts the function open_by_handle_at. Such manipulation leads to memory leak. This vulnerability is listed as CVE-2025-40105. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.54/6.17.4/6.18-rc1. It has been rated as critical. Affected by this vulnerability is the function btrfs_load_block_group_zone_info. Performing a manipulation results in memory leak. This vulnerability is identified as CVE-2025-40101. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.157/6.6.113/6.12.54/6.17.4/6.18-rc1. This affects the function cifs_put_tlink. The manipulation results in improper update of reference count. This vulnerability is reported as CVE-2025-40103. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.17.4/6.18-rc1. Affected by this issue is some unknown functionality of the component arm64. Executing a manipulation can lead to uninitialized pointer. This vulnerability is tracked as CVE-2025-40102. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.