unSafe.sh - 不安全

Session Fixation - bluditv3.16.2 Bludit v3.16.2 存在会话固定漏洞，攻击者可利用该漏洞劫持用户会话。具体表现为用户登录后会话ID未更新，导致攻击者可预测或控制会话标识符。该漏洞已在Debian 12环境中复现。建议用户及时更新至最新版本以修复此问题。...
2025-7-8 02:50:48 | 阅读: 14 | 收藏 |

Full Disclosure - seclists.org
bludit stoykov fixation andrey bluditv3

CVE-2025-38089：Linux内核NFS服务器通过NULL指针解引用导致远程拒绝服务漏洞分析 Linux内核SUNRPC子系统存在漏洞CVE-2025-38089，允许远程攻击者通过特制的RPC请求引发内核崩溃（空指针解引用），影响NFS服务器版本自特定提交以来至修复前版本。已修复并公开。...
2025-7-2 13:7:0 | 阅读: 9 | 收藏 |

玄武实验室每日安全 - seclists.org
nfs remote crash dereference 38089

iOS Activation Flaw Enables Pre-User Device Compromise and Identity Exposure (iOS 18.5) 苹果iOS 18.5版本存在激活漏洞，攻击者可在用户首次使用前通过网络注入恶意XML配置文件，导致设备信任链和网络行为被操控，影响隐私和安全。该漏洞未被苹果修复，已报告至US-CERT，并引发GDPR等隐私法规风险。...
2025-7-1 06:49:54 | 阅读: 12 | 收藏 |

Full Disclosure - seclists.org
activation payload

Remote DoS in httpx 1.7.0 – Out-of-Bounds Read via Malformed Tag</a> <span class="d-block small opacity-50"> ProjectDiscovery的httpx v1.7.0存在远程DoS漏洞，通过返回畸形<title>标签可触发崩溃。问题源于trimTitleTags函数中缺少边界检查导致切片越界。此漏洞影响自动化扫描工具，修复已提交。...<br> 2025-6-26 04:37:53 | 阅读: 105 | <a onclick='addCollect("345023")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/26')" class="rounded float-left" alt="..."> Full Disclosure - seclists.org </a> <br> <span class="badge bg-secondary">httpx</span> <span class="badge bg-secondary">titlebegin</span> <span class="badge bg-secondary">malformed</span> <span class="badge bg-secondary">titleend</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/25')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-344416.html">CVE-2025-32978 - Quest KACE SMA Unauthenticated License Replacement</a> <span class="d-block small opacity-50"> Quest KACE SMA 存在高危漏洞，允许未认证用户通过 Web 接口替换系统许可证，导致拒绝服务。该漏洞 CVSS 评分为 7.5 分，已修复版本包括 13.0.385 等。...<br> 2025-6-24 03:13:31 | 阅读: 86 | <a onclick='addCollect("344416")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/25')" class="rounded float-left" alt="..."> Full Disclosure - seclists.org </a> <br> <span class="badge bg-secondary">seralys</span> <span class="badge bg-secondary">quest</span> <span class="badge bg-secondary">kace</span> <span class="badge bg-secondary">sma</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/24')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-344417.html">CVE-2025-32977 - Quest KACE Unauthenticated Backup Upload</a> <span class="d-block small opacity-50"> Quest KACE SMA存在未认证备份上传漏洞（CVE-2025-32977），允许攻击者上传恶意备份文件，导致系统受损。该漏洞已修复于多个版本中。...<br> 2025-6-24 03:13:29 | 阅读: 34 | <a onclick='addCollect("344417")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/24')" class="rounded float-left" alt="..."> Full Disclosure - seclists.org </a> <br> <span class="badge bg-secondary">seralys</span> <span class="badge bg-secondary">quest</span> <span class="badge bg-secondary">backup</span> <span class="badge bg-secondary">kace</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/23')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-344418.html">CVE-2025-32976 - Quest KACE SMA 2FA Bypass</a> <span class="d-block small opacity-50"> Quest KACE SMA存在逻辑缺陷，允许绕过TOTP双因素认证，导致高危漏洞（CVE-2025-32976）。已确认影响14.1版本（旧版或受影响），修复版本包括13.0.385等。该漏洞由Seralys团队于2025年4月发现并披露。...<br> 2025-6-24 03:13:27 | 阅读: 70 | <a onclick='addCollect("344418")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/23')" class="rounded float-left" alt="..."> Full Disclosure - seclists.org </a> <br> <span class="badge bg-secondary">seralys</span> <span class="badge bg-secondary">quest</span> <span class="badge bg-secondary">bypass</span> <span class="badge bg-secondary">kace</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/22')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-344419.html">CVE-2025-32975 - Quest KACE SMA Authentication Bypass</a> <span class="d-block small opacity-50"> Quest KACE SMA 存在认证绕过漏洞（CVE-2025-32975），允许攻击者无需有效凭证冒充用户并获得完全管理员权限。该漏洞影响 14.1 及以下版本，已通过 13.0.385 等版本修复。...<br> 2025-6-24 03:13:24 | 阅读: 81 | <a onclick='addCollect("344419")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/22')" class="rounded float-left" alt="..."> Full Disclosure - seclists.org </a> <br> <span class="badge bg-secondary">seralys</span> <span class="badge bg-secondary">quest</span> <span class="badge bg-secondary">kace</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/21')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-344420.html">RansomLord (NG v1.0) anti-ransomware exploit tool</a> <span class="d-block small opacity-50"> RansomLord NG v1.0发布，新增自动化PE文件生成、deweaponize功能和改进的SHA256算法，可拦截并终止61个勒索软件威胁组的活动。...<br> 2025-6-24 03:12:26 | 阅读: 15 | <a onclick='addCollect("344420")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/21')" class="rounded float-left" alt="..."> Full Disclosure - seclists.org </a> <br> <span class="badge bg-secondary">ransomware</span> <span class="badge bg-secondary">windows</span> <span class="badge bg-secondary">deweaponize</span> <span class="badge bg-secondary">malvuln</span> <span class="badge bg-secondary">ransomlord</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/20')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-344421.html">Disclosure Yealink Cloud vulnerabilities</a> <span class="d-block small opacity-50"> 两位安全研究人员披露了Yealink RPS设备的多个高危漏洞，包括未经授权访问敏感数据、固件加密问题及认证绕过等。部分漏洞未被修复且影响非停产设备。这些漏洞可能导致PII泄露和中间人攻击。研究人员建议采取多因素认证、限制API访问等措施以提升安全性。...<br> 2025-6-24 03:11:13 | 阅读: 23 | <a onclick='addCollect("344421")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/20')" class="rounded float-left" alt="..."> Full Disclosure - seclists.org </a> <br> <span class="badge bg-secondary">rps</span> <span class="badge bg-secondary">yealink</span> <span class="badge bg-secondary">security</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/19')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-343108.html">: "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)</a> <span class="d-block small opacity-50"> "Glass Cage"是一种零点击iMessage漏洞链，影响iOS 18.2设备。通过发送恶意PNG图片，攻击者可实现远程代码执行、持久访问及设备砖化。该漏洞利用CoreMedia内存错误和WebKit路径注入，导致全面控制和数据泄露。...<br> 2025-6-18 03:7:23 | 阅读: 22 | <a onclick='addCollect("343108")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/19')" class="rounded float-left" alt="..."> Full Disclosure - seclists.org </a> <br> <span class="badge bg-secondary">cnvd</span> <span class="badge bg-secondary">coremedia</span> <span class="badge bg-secondary">07885</span> <span class="badge bg-secondary">imessage</span> <span class="badge bg-secondary">bricking</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="https://8aqnet.cdn.bcebos.com/865f7dcccc9ae19a55b3a9d9092b12e0.jpg" onerror="this.src=randomImage('https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/18')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-343109.html">SEC Consult SA-20250612-0 :: Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)</a> <span class="d-block small opacity-50"> ONLYOFFICE Docs 存在反射型跨站脚本（XSS）漏洞（CVE-2025-5301），影响版本 8.3.1 及以下。攻击者可通过构造恶意 HTTP 请求注入脚本，在用户浏览器中执行恶意代码，导致会话劫持或钓鱼攻击。建议升级至 8.3.2 或更高版本以修复问题。...<br> 2025-6-18 03:7:11 | 阅读: 18 | <a onclick='addCollect("343109")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/18')" class="rounded float-left" alt="..."> Full Disclosure - seclists.org </a> <br> <span class="badge bg-secondary">onlyoffice</span> <span class="badge bg-secondary">security</span> <span class="badge bg-secondary">wopi</span> <span class="badge bg-secondary">github</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/17')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-343110.html">SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem</a> <span class="d-block small opacity-50"> SIMCom SIM7600G调制解调器存在未记录的AT命令漏洞（CVE-2025-26412），允许攻击者以root权限执行系统命令。该漏洞影响固件版本LE20B03SIM7600M21-A。尽管研究人员多次尝试联系厂商，但未获得有效回应或补丁。客户需自行联系供应商获取修复方案。...<br> 2025-6-18 03:7:9 | 阅读: 16 | <a onclick='addCollect("343110")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/17')" class="rounded float-left" alt="..."> Full Disclosure - seclists.org </a> <br> <span class="badge bg-secondary">simcom</span> <span class="badge bg-secondary">security</span> <span class="badge bg-secondary">modem</span> <span class="badge bg-secondary">firmware</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/16')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-343111.html">Call for Applications: ERCIM STM WG 2025 Award for the Best Ph.D. Thesis on Security and Trust Management (July 31, 2025)</a> <span class="d-block small opacity-50"> ERCIM STM WG 2025 Award for Best Ph.D. Thesis on Security and Trust Management invites applications from 2024 European Ph.D. graduates. Applications include thesis, summary, CV, and two recommendation letters, with one from an ERCIM STM WG institution. Deadline is July 31, 2025. Winners will be honored at STM 2025 in Toulouse, France....<br> 2025-6-18 03:3:52 | 阅读: 12 | <a onclick='addCollect("343111")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/16')" class="rounded float-left" alt="..."> Full Disclosure - seclists.org </a> <br> <span class="badge bg-secondary">security</span> <span class="badge bg-secondary">stm</span> <span class="badge bg-secondary">ercim</span> <span class="badge bg-secondary">wg</span> <span class="badge bg-secondary">award</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="https://8aqnet.cdn.bcebos.com/90ab02d55b9d0a26ff5e5552bf0f3503.jpg" onerror="this.src=randomImage('https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/15')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-341212.html">SEC Consult SA-20250604-0 :: Local Privilege Escalation and Default Credentials in INDAMED - MEDICAL OFFICE (Medical practice management) Demo version</a> <span class="d-block small opacity-50"> INDAMED MEDICAL OFFICE Demo版本存在本地权限提升和默认凭据漏洞。攻击者可利用服务文件替换或数据库默认密码获取SYSTEM权限并控制设备。厂商计划于2025年Q2和Q3分别修复相关问题。...<br> 2025-6-10 02:44:25 | 阅读: 20 | <a onclick='addCollect("341212")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/15')" class="rounded float-left" alt="..."> Full Disclosure - seclists.org </a> <br> <span class="badge bg-secondary">guardian</span> <span class="badge bg-secondary">security</span> <span class="badge bg-secondary">indamed</span> <span class="badge bg-secondary">attacker</span> <span class="badge bg-secondary">medoff</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/14')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-341213.html">Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft</a> <span class="d-block small opacity-50"> 文章披露了iOS 18.2至18.4版本中的零点击iMessage漏洞，可导致安全 enclave密钥被盗、远程代码执行和加密钱包数据被窃取。尽管研究人员进行了负责任的披露，但苹果公司却压制了该研究，并在没有公开承认或致谢的情况下发布了静默修复。...<br> 2025-6-10 02:43:49 | 阅读: 44 | <a onclick='addCollect("341213")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/fulldisclosure\/2025\/Jun\/14')" class="rounded float-left" alt="..."> Full Disclosure - seclists.org </a> <br> <span class="badge bg-secondary">enclave</span> <span class="badge bg-secondary">bypass</span> <span class="badge bg-secondary">31201</span> <span class="badge bg-secondary">imessage</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/oss-sec\/2025\/q2\/226')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-341798.html">Linux内核HFS+文件系统实现问题及发行版暴露分析</a> <span class="d-block small opacity-50"> Linux内核中的HFS+文件系统实现存在漏洞，可能导致文件系统损坏和安全风险。问题可通过正常操作触发，无需挂载恶意文件系统。讨论涉及未授权用户利用、潜在远程攻击风险以及修复情况。...<br> 2025-6-6 16:52:0 | 阅读: 0 | <a onclick='addCollect("341798")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/oss-sec\/2025\/q2\/226')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - seclists.org </a> <br> <span class="badge bg-secondary">hfs</span> <span class="badge bg-secondary">distros</span> <span class="badge bg-secondary">exposure</span> <span class="badge bg-secondary">jacob</span> <span class="badge bg-secondary">malicious</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/oss-sec\/2025\/q2\/216')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-340466.html">Perl 的 File::Find::Rule 0.34 及以下版本在 `grep()` 遇到恶意文件名时存在任意代码执行漏洞</a> <span class="d-block small opacity-50"> File::Find::Rule for Perl (versions ≤ 0.34) is vulnerable to Arbitrary Code Execution via crafted filenames in `grep()`, allowing command injection through improper `open()` usage....<br> 2025-6-5 18:20:0 | 阅读: 8 | <a onclick='addCollect("340466")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/oss-sec\/2025\/q2\/216')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - seclists.org </a> <br> <span class="badge bg-secondary">perl</span> <span class="badge bg-secondary">10007</span> <span class="badge bg-secondary">encounters</span> <span class="badge bg-secondary">github</span> <span class="badge bg-secondary">richardc</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/oss-sec\/2025\/q2\/205')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-340020.html">systemd-coredump和apport中的本地信息泄露漏洞分析与验证</a> <span class="d-block small opacity-50"> Red Hat确认RHEL 9和10受本地信息泄露漏洞（CVE-2025-4598）影响，涉及systemd-coredump。攻击者可通过替换进程获取敏感数据。NetworkManager不受影响，而rpm-ostree仍在调查中。...<br> 2025-6-3 22:44:0 | 阅读: 2 | <a onclick='addCollect("340020")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/oss-sec\/2025\/q2\/205')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - seclists.org </a> <br> <span class="badge bg-secondary">coredump</span> <span class="badge bg-secondary">apport</span> <span class="badge bg-secondary">qualys</span> <span class="badge bg-secondary">chkpwd</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/seclists.org\/oss-sec\/2025\/q2\/201')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-339811.html">none</a> <span class="d-block small opacity-50"> 文章讨论了Linux内核中HFS+文件系统实现的漏洞问题，包括内存溢出、权限提升风险及修复情况。Canonical为漏洞分配了CVE-2025-0927编号，但上游拒绝将其视为安全问题。文章还提到另一个相关CVE（CVE-2025-37782），并探讨了漏洞处理流程及未来合规性要求。...<br> 2025-6-3 15:42:0 | 阅读: 7 | <a onclick='addCollect("339811")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=seclists.org"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fseclists.org%26size%3D128" onerror="this.src=getIcon('seclists.org','https:\/\/seclists.org\/oss-sec\/2025\/q2\/201')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - seclists.org </a> <br> <span class="badge bg-secondary">distros</span> <span class="badge bg-secondary">hfs</span> <span class="badge bg-secondary">security</span> <span class="badge bg-secondary">upstream</span> <span class="badge bg-secondary">attila</span> <br> </span> </label> </td> </tr> </table> </div> <br> <nav class="d-flex justify-content-center" aria-label="Page navigation example"> <ul class="pagination pagination-sm"> <li class="page-item"><a class="page-link" href="/?page=4&domain=seclists.org">Previous</a></li> <li class="page-item"><a class="page-link" href="/?page=5&domain=seclists.org">5</a></li> <li class="page-item"><a class="page-link" href="/?page=6&domain=seclists.org">6</a></li> <li class="page-item"><a class="page-link" href="/?page=7&domain=seclists.org">7</a></li> <li class="page-item"><a class="page-link" href="/?page=8&domain=seclists.org">8</a></li> <li class="page-item"><a class="page-link" href="/?page=9&domain=seclists.org">9</a></li> <li class="page-item"><a class="page-link" href="/?page=10&domain=seclists.org">10</a></li> <li class="page-item"><a class="page-link" href="/?page=11&domain=seclists.org">11</a></li> <li class="page-item"><a class="page-link" href="/?page=12&domain=seclists.org">12</a></li> <li class="page-item"><a class="page-link" href="/?page=6&domain=seclists.org">Next</a></li> </ul> </nav> </div> <script> function addCollect(id) { $.get("/user/addcollect?id=" + id, function(data) { alert(data); }) } </script> <svg xmlns="http://www.w3.org/2000/svg" style="display: none;"> <symbol id="facebook" viewBox="0 0 16 16"> <path d="M16 8.049c0-4.446-3.582-8.05-8-8.05C3.58 0-.002 3.603-.002 8.05c0 4.017 2.926 7.347 6.75 7.951v-5.625h-2.03V8.05H6.75V6.275c0-2.017 1.195-3.131 3.022-3.131.876 0 1.791.157 1.791.157v1.98h-1.009c-.993 0-1.303.621-1.303 1.258v1.51h2.218l-.354 2.326H9.25V16c3.824-.604 6.75-3.934 6.75-7.951z"/> </symbol> <symbol id="instagram" viewBox="0 0 16 16"> <path d="M8 0C5.829 0 5.556.01 4.703.048 3.85.088 3.269.222 2.76.42a3.917 3.917 0 0 0-1.417.923A3.927 3.927 0 0 0 .42 2.76C.222 3.268.087 3.85.048 4.7.01 5.555 0 5.827 0 8.001c0 2.172.01 2.444.048 3.297.04.852.174 1.433.372 1.942.205.526.478.972.923 1.417.444.445.89.719 1.416.923.51.198 1.09.333 1.942.372C5.555 15.99 5.827 16 8 16s2.444-.01 3.298-.048c.851-.04 1.434-.174 1.943-.372a3.916 3.916 0 0 0 1.416-.923c.445-.445.718-.891.923-1.417.197-.509.332-1.09.372-1.942C15.99 10.445 16 10.173 16 8s-.01-2.445-.048-3.299c-.04-.851-.175-1.433-.372-1.941a3.926 3.926 0 0 0-.923-1.417A3.911 3.911 0 0 0 13.24.42c-.51-.198-1.092-.333-1.943-.372C10.443.01 10.172 0 7.998 0h.003zm-.717 1.442h.718c2.136 0 2.389.007 3.232.046.78.035 1.204.166 1.486.275.373.145.64.319.92.599.28.28.453.546.598.92.11.281.24.705.275 1.485.039.843.047 1.096.047 3.231s-.008 2.389-.047 3.232c-.035.78-.166 1.203-.275 1.485a2.47 2.47 0 0 1-.599.919c-.28.28-.546.453-.92.598-.28.11-.704.24-1.485.276-.843.038-1.096.047-3.232.047s-2.39-.009-3.233-.047c-.78-.036-1.203-.166-1.485-.276a2.478 2.478 0 0 1-.92-.598 2.48 2.48 0 0 1-.6-.92c-.109-.281-.24-.705-.275-1.485-.038-.843-.046-1.096-.046-3.233 0-2.136.008-2.388.046-3.231.036-.78.166-1.204.276-1.486.145-.373.319-.64.599-.92.28-.28.546-.453.92-.598.282-.11.705-.24 1.485-.276.738-.034 1.024-.044 2.515-.045v.002zm4.988 1.328a.96.96 0 1 0 0 1.92.96.96 0 0 0 0-1.92zm-4.27 1.122a4.109 4.109 0 1 0 0 8.217 4.109 4.109 0 0 0 0-8.217zm0 1.441a2.667 2.667 0 1 1 0 5.334 2.667 2.667 0 0 1 0-5.334z"/> </symbol> <symbol id="twitter" viewBox="0 0 16 16"> <path d="M5.026 15c6.038 0 9.341-5.003 9.341-9.334 0-.14 0-.282-.006-.422A6.685 6.685 0 0 0 16 3.542a6.658 6.658 0 0 1-1.889.518 3.301 3.301 0 0 0 1.447-1.817 6.533 6.533 0 0 1-2.087.793A3.286 3.286 0 0 0 7.875 6.03a9.325 9.325 0 0 1-6.767-3.429 3.289 3.289 0 0 0 1.018 4.382A3.323 3.323 0 0 1 .64 6.575v.045a3.288 3.288 0 0 0 2.632 3.218 3.203 3.203 0 0 1-.865.115 3.23 3.23 0 0 1-.614-.057 3.283 3.283 0 0 0 3.067 2.277A6.588 6.588 0 0 1 .78 13.58a6.32 6.32 0 0 1-.78-.045A9.344 9.344 0 0 0 5.026 15z"/> </symbol> </svg> <footer class="d-flex flex-wrap justify-content-between align-items-center py-3 my-4 border-top"> <div class="col-md-4 d-flex align-items-center"> <a href="/" class="mb-3 me-2 mb-md-0 text-muted text-decoration-none lh-1"> </a> <p class="mt-5 mb-3 text-muted">© <a href="https://unsafe.sh">unSafe.sh - 不安全</a> Powered By <a href="https://github.com/code-scan/PaperCache">PaperCache</a></p> </div> <ul style="padding: 20px" class="nav col-md-4 justify-content-end list-unstyled d-flex"> <li class="ms-3"><a href="#">admin#unsafe.sh</a></li> <li class="ms-3"><a href="https://aq.mk">安全马克</a></li> <li class="ms-3"><a href="https://xj.hk">星际黑客</a></li> <li class="ms-3"><a href="https://t00ls.net">T00ls</a></li> </ul> </footer> </body> <script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script> <script>LA.init({id:"KiRUVDOwqCVHgDgf",ck:"KiRUVDOwqCVHgDgf"})</script> </html>