CVE-2026-25171

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVE-2026-25171

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

pentesting-notes

🔐 Pentesting Notes Personal penetration testing documentati...

pentesting-writeups

🔐 Pentesting Writeups Personal penetration testing document...

PT-2026-24421

Name of the Vulnerable Software and Affected Versions Feathersjs versions 5.0.0 through 5.0.41 Description Feathersjs is a framework used for building web APIs and real-time applications. Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method get, patch,...

PT-2026-24466

Name of the Vulnerable Software and Affected Versions Unicorn versions prior to 0.67.0 Description A flaw exists in django-unicorn that allows manipulation of component state due to insufficient access control checks when updating properties and calling methods. An attacker can bypass the intende...

Ivanti Desktop and Server Management 安全漏洞

Ivanti Desktop and Server Management Ivanti DSM is a multi-platform unified endpoint management solution provided by the American company Ivanti. Versions of Ivanti Desktop and Server Management prior to 2026.1.1 contained security vulnerabilities. These vulnerabilities were due to exposed...

PT-2026-24298

Уязвимость компонента Windows Authentication операционных систем Windows связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии...

Microsoft Windows App Installer 数据伪造问题漏洞

The Microsoft Windows App Installer is a tool provided by Microsoft Corporation for use with the Windows 10 and Windows 11 operating systems. It allows users to easily install applications by double-clicking .msix or .msixbundle files. This tool supports installation from websites, optional...

A Comparative Study of Recent Advances in Internet of Intrusion Detection Things

The Internet of Things IoT has revolutionized the way devices communicate and interact with each other, but it has also created new challenges in terms of security. In this context, intrusion detection has become a crucial mechanism to ensure the safety of IoT systems. To address this issue, a...

Broken Access: On the Challenges of Screen Reader Assisted Two-Factor and Passwordless Authentication

In today's technology-driven world, web services have opened up new opportunities for blind and visually impaired people to interact independently. Securing interactions with these services is crucial; however, currently deployed authentication mainly concentrate on sighted users, overlooking the...

DEBIAN-CVE-2026-29063

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

Adobe SDK 1.7.1 2410 Overflow Analysis / Fuzzing Model

This Python script implements a comprehensive framework to model, detect, and analyze integer overflows in 32-bit arithmetic, particularly in the context of image memory allocation. The framework combines formal methods, stepwise arithmetic, symbolic execution, SMT-style constraint solving,...

Gravity Falls: A Comparative Analysis of Domain-Generation Algorithm (DGA) Detection Methods for Mobile Device Spearphishing

Mobile devices are frequent targets of eCrime threat actors through SMS spearphishing smishing links that leverage Domain Generation Algorithms DGA to rotate hostile infrastructure. Despite this, DGA research and evaluation largely emphasize malware C2 and email phishing datasets, leaving limited...

Comparison of Credential Management Systems Based on the Standards of IEEE, ETSI, and YD/T 3957-2021

As V2X Vehicle-to-Everything technology becomes increasingly prevalent, the security of V2X networks has garnered growing attention worldwide. In North America, the IEEE 1609 series standards are primarily used, while Europe adopts the ETSI series standards, and China has also established its...

How the Graph Construction Technique Shapes Performance in IoT Botnet Detection

The increasing incidence of IoT-based botnet attacks has driven interest in advanced learning models for detection. Recent efforts have focused on leveraging attention mechanisms to model long-range feature dependencies and Graph Neural Networks GNNs to capture relationships between data instance...

Quantifying Catastrophic Forgetting in IoT Intrusion Detection Systems

Distribution shifts in attack patterns within RPL-based IoT networks pose a critical threat to the reliability and security of large-scale connected systems. Intrusion Detection Systems IDS trained on static datasets often fail to generalize to unseen threats and suffer from catastrophic forgetti...

[SECURITY] Fedora 42 Update: munge-0.5.18-1.fc42

MUNGE MUNGE Uid 'N' Gid Emporium is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having...

Zulip 安全漏洞

Zulip is a powerful open-source chat application developed by the US company Zulip Corporation. It combines the immediacy of real-time conversations with the productivity benefits of threaded dialogue. Zulip has a security vulnerability, which stems from the lack of specific authorization checks...

CVE-2026-27117

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability "Zip Slip" exists in bit7z's archive extraction functionality. The library does not adequately validate file paths contained in archive...