Aggregator

作者搬到班加罗尔后希望结识对漏洞赏金、CVE研究、安全工具及CTF感兴趣的人，计划组成4-5人的小组协作学习，并偶尔线下交流。

英特尔终止对 Clear Linux 发行版的支持，停止提供安全补丁、更新和维护，并将代码库转为只读模式。建议用户迁移到其他活跃维护的发行版。尽管如此，英特尔仍将继续投资 Linux 生态系统并支持开源项目。

最近大规模裁员和重组的芯片巨头突然宣布终止对 Clear Linux 发行版的支持，从即日起不再为 Clear Linux OS 提供安全补丁、更新或维护，项目托管在 GitHub 上的代码库将转为只读模式，它建议使用 Clear Linux 的用户尽快迁移到其它活跃维护的发行版。英特尔在声明中同时强调会继续投资 Linux 生态系统，积极支持和贡献开源项目和 Linux 发行版，支持和优化英特尔硬件。英特尔是在 2015 年为解决容器安全问题而宣布了 Clear Linux 发行版项目，至今有十年历史。

BurpSuite+MitmProxy 自动计算 Sign前言之前发表过关于 Sign 值的说明, 可以说这

当前环境出现异常问题，需完成验证后方可继续访问相关内容或功能。

A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/EncodeUtils.java of the component XSS Filter. The manipulation of the argument text leads to cross site scripting. This vulnerability was named CVE-2025-7865. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-7864. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. This vulnerability is handled as CVE-2025-7863. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

这是一个地下技能社区，旨在帮助新手成长为资深黑客。成员可在此提问、解答和学习，并通过Discord进行交流。

Submit #618190 / VDB-316978

Submit #618189 / VDB-316977

Submit #618188 / VDB-316976

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to missing authentication. This vulnerability is known as CVE-2025-7862. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability, which was classified as critical, was found in code-projects Church Donation System 1.0. Affected is an unknown function of the file /members/search.php. The manipulation of the argument Username leads to sql injection. This vulnerability is traded as CVE-2025-7861. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file /members/login_admin.php. The manipulation of the argument Username leads to sql injection. The identification of this vulnerability is CVE-2025-7860. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/update_password_admin.php. The manipulation of the argument new_password leads to sql injection. This vulnerability was named CVE-2025-7859. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #617643 / VDB-316975

A vulnerability classified as problematic has been found in PHPGurukul Apartment Visitors Management System 1.0. This affects an unknown part of the file /admin-profile.php of the component HTTP POST Request Handler. The manipulation of the argument adminname leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-7858. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file bwdates-passreports-details.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross site scripting. This vulnerability is handled as CVE-2025-7857. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pass-details.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross site scripting. This vulnerability is known as CVE-2025-7856. The attack can be launched remotely. Furthermore, there is an exploit available.