unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Search
Rss
黑夜模式
Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More!
Pwn2Own Automotive 2026将于2026年1月21日至23日在东京举行,新增超级充电器类别,并引入AGL操作系统挑战。特斯拉、Alpitronic和Open Charge Alliance为合作伙伴。活动包括随机抽签决定比赛顺序,并设Master of Pwn奖项。...
2025-10-16 15:0:42 | 阅读: 40 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
automotive
pwn2own
charger
contest
tesla
The October 2025 Security Update Review
read file error: read notes: is a directory...
2025-10-14 18:38:44 | 阅读: 84 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
microsoft
windows
security
cves
attacker
Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing
read file error: read notes: is a directory...
2025-10-8 14:0:0 | 阅读: 50 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
revit
windows
astring
rfa
crash
CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin
read file error: read notes: is a directory...
2025-9-24 16:41:31 | 阅读: 18 |
收藏
|
0day Fans - www.thezdi.com
security
pickle
checkpoint
nvidia
The September 2025 Security Update Review
read file error: read notes: is a directory...
2025-9-9 19:6:15 | 阅读: 11 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
microsoft
windows
attacker
remote
cves
The August 2025 Security Update Review
read file error: read notes: is a directory...
2025-8-12 18:1:32 | 阅读: 20 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
attacker
microsoft
substance
cves
windows
Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target
read file error: read notes: is a directory...
2025-7-31 19:4:37 | 阅读: 22 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
contest
pwn2own
network
cork
award
CVE-2025-20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
Cisco ISE存在反序列化和命令注入漏洞,攻击者可利用${IFS}变量绕过Java限制,在Docker容器内执行代码,并借助privileged模式逃逸至宿主机,最终获得root权限,Cisco已修复该问题。...
2025-7-25 16:30:0 | 阅读: 34 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
injection
payload
ise
attacker
ike
CVE-2025-4919: Corruption via Math Space in Mozilla Firefox
Manfred Paul在Pwn2Own Berlin 2025上利用Firefox IonMonkey JIT编译器中的ExtractLinearSum函数漏洞(CVE-2025-4919),通过边界检查绕过实现任意内存读写。该漏洞源于对数学运算空间处理不当,导致错误合并边界检查条件。Mozilla已修复该问题。...
2025-7-15 14:27:27 | 阅读: 36 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
231
indices
mathspace
additions
The July 2025 Security Update Review
Adobe推迟了7月的安全补丁发布,而微软发布了130多个CVE漏洞补丁,其中10个为关键级别。这些漏洞影响Windows、Office、SQL Server等多个产品,部分可导致远程代码执行或权限提升。建议用户及时更新以应对潜在威胁。...
2025-7-8 17:56:31 | 阅读: 26 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
microsoft
attacker
windows
remote
security
Extracting Embedded MultiMediaCard (eMMC) contents in-system
read file error: read notes: is a directory...
2025-6-20 15:0:58 | 阅读: 18 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
emmc
chip
clk
vddq
signals
The June 2025 Security Update Review
read file error: read notes: is a directory...
2025-6-10 17:24:53 | 阅读: 22 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
microsoft
windows
cves
security
malicious
Pwn2Own Berlin 2025: Day Three Results
read file error: read notes: is a directory...
2025-5-17 09:40:13 | 阅读: 13 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
nvidia
earns
collision
pwn2own
windows
Pwn2Own Berlin 2025: Day Two Results
read file error: read notes: is a directory...
2025-5-16 09:17:17 | 阅读: 24 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
fuzzinglabs
earns
ventuzelo
pwn2own
nvidia
Pwn2Own Berlin 2025: Day One Results
read file error: read notes: is a directory...
2025-5-15 10:10:50 | 阅读: 17 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
earns
collision
pwn2own
summoning
privs
Pwn2Own Berlin: The Full Schedule
read file error: read notes: is a directory...
2025-5-14 16:1:41 | 阅读: 17 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
30000
nvidia
thursday
triton
inference
The May 2025 Security Update Review
read file error: read notes: is a directory...
2025-5-13 18:27:2 | 阅读: 21 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
microsoft
attacker
windows
exploited
cves
CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS
macOS存在一个代码执行漏洞(CVE-2024-44236),因Scriptable Image Processing System(sips)工具在处理ICC Profile文件时未正确验证“lutAToBType”和“lutBToAType”字段导致内存溢出写入。攻击者可通过构造恶意ICC Profile文件诱使用户打开,在目标进程上下文中执行任意代码。该漏洞已修复。...
2025-5-7 18:30:19 | 阅读: 28 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
icc
sips
victim
tagged
clut
The April 2025 Security Update Review
微软和Adobe在四月发布安全更新,微软修复124个CVE(含11个Critical漏洞),涉及权限提升、远程代码执行等;Adobe发布12公告修复54个CVE(含多个Critical漏洞),涵盖Cold Fusion、Photoshop等产品。...
2025-4-8 18:14:25 | 阅读: 22 |
收藏
|
Zero Day Initiative - Blog - www.thezdi.com
microsoft
attacker
windows
security
cves
MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities
文章探讨了使用Binary Ninja的MLIL构建数据流图以检测Use-After-Free(UAF)漏洞的方法。通过追踪内存分配与使用关系,并结合跨函数可达性分析,识别潜在漏洞。该方法利用SSA变量和指针操作构建图结构,并分析内存释放与引用路径间的关联。尽管存在误报问题,但该技术为静态分析提供了一种有效途径。...
2025-3-27 15:4:21 | 阅读: 22 |
收藏
|
0day Fans - www.thezdi.com
memory
ssa
analysis
edges
tracked
Previous
2
3
4
5
6
7
8
9
Next
