[Low] Gogs has DoS in rendering issue index pattern
[High] LangSmith SDK TracingMiddleware: Arbitrary server-side file read
[Critical] scimPatch vulnerable to prototype pollution via unfiltered keys in patch
[Medium] SurrealDB: Denial of Service via deep operator chains
[Medium] pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
[Critical] OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)
[Medium] zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet
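Ghost_Bits_Cast_Attack: In-Depth Analysis
Original PDF file: Asia-26-Bai-Cast-Attack-Ghost-Bits-4.23.pdf. Cast Attack, a complete technical walkthrough: how Ghost Bits tear apart Java's security boundary. From low-level bit operations to an enterprise-grade defense system, based on Asia-26-Bai-Cast-Attack-G…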
[High] @jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing
[High] Budibase has an Account Impersonation Issue — Chat Identity Link Hijacking via Missing Consent & CSRF