CVE-2025-54120

PCL Plain Craft Launcher Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file is not automatically uploaded or shared, if...

CVE-2025-54120

PCL Plain Craft Launcher Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file is not automatically uploaded or shared, if...

OAuth authentication memory vulnerability caution a user identity hijacking-vulnerability warning-the black bar safety net

With OpenSSL, like OAuthOpen Authorizationas a widely used open-source third-party login authentication Protocol, this year also broke a security vulnerability. In the third session of the know the security Forum, from Sina Weibo of the blue di snowball shows Sina as early as year 3 months...

CSCMS V3.5 最新版 后台命令执行GETSHELL（源码详析）

简要描述： CSCMS V3.5 最新版 后台PHP命令执行GETSHELL（源码详析） CSCMS的全新架构加强了安全性，以往的一串漏洞均已修复， 读代码，发现还有新的漏洞 代码分析见详细说明，测试演示在漏洞证明里 详细说明： 漏洞位置为后台的 网站设置-第三方登录设置 中 有关代码如下： /app/controllers/admin/setting.php line:426 public function dengluedit //设置第三方登录的几项配置 $this-CsdjAdmin-AdminQx'4'; //注意，本处已使用xssclean过滤特定字符，之后的结论会用到...