KHack
⌘K
登录
约 5 条结果 · 全文检索
文章安全速报

【严重】OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)

OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)

system · ◷ 1 · 2026-06-20
文章安全速报

【严重】scimPatch vulnerable to prototype pollution via unfiltered keys in patch

scimPatch vulnerable to prototype pollution via unfiltered keys in patch

system · ◷ 0 · 2026-06-23
文章安全速报

【严重】Budibase has arbitrary file read by workspace-builder via PWA-zip symlink upload

Budibase has arbitrary file read by workspace-builder via PWA-zip symlink upload

system · ◷ 0 · 2026-06-23
文章漏洞分析

青龙面板鉴权绕过从路径大小写到 RCE【漏洞复现】

深度剖析青龙面板最新版鉴权绕过漏洞,利用路径大小写特性绕过 JWT 校验,最终实现未授权远程命令执行。 ![图片[1]-HackTwoHub社区](/images/45f63be9807ca031.png) ? 漏洞摘要 项目详情漏洞名称青龙面板鉴权绕过导致 RCE影响版本Qin…

system · ◷ 2 · 2026-03-02
文章安全速报

【高危】skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-t

skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery

system · ◷ 0 · 2026-06-23