Posts

• Nov 24, 2024

  Gitlab Html Injection in file search

• Nov 20, 2024

  2024 Intigriti CTF, some Web solution

• Jul 9, 2024

  CVE-2024-39903: Local File Inclusion in Solara

• Jul 9, 2024

  Arbitrary File Overwrite in jupyter notebook

• Jun 24, 2024

  Zipslip when parsing invoice zip file via InvoiceOCRAssistant in metagpt

• Jun 4, 2024

  XSS in Siyuan Electron App when rendering mermaid block diagram Leading to RCE(Just Thanks)

• Jun 4, 2024

  XSS in Bluestone Electron App when rendering mermaid class diagram Leading to RCE(Just Thanks)

• Jun 2, 2024

  XSS in Outline when rendering mermaid diagrams(No Security Impact!)

• May 29, 2024

  Arbitrary File Overwrite via unstructured-ingest in unstructured(Just Thanks)

• May 27, 2024

  Remote Code Execution via Arbitrary File Overwrite Using Path Traversal in intel-extension-for-transformers neural_chat

• May 27, 2024

  Arbitrary File Deletion via Path Traversal in intel-extension-for-transformers neural_chat

• May 26, 2024

  Remote Code Execution via Arbitrary File Overwrite Using Path Traversal in langflow Pre-release(No Response)

• May 16, 2024

  Google: Local File Inclusion in FHIR Pipelines Controller

• May 11, 2024

  Hackerone: Store XSS in Gitness markdown comment editor

• May 8, 2024

  Google: Local File Inclusion in Turbinia API Server

• Apr 30, 2024

  Dev.to(Forem) cta xss(No Response,But Fixed!)

• Apr 10, 2024

  CVE-2024-32005: Local File Inclusion in NiceGUI leaflet component

• Apr 10, 2024

  Remote Code Execution via Arbitrary File Overwrite Using Path Traversal in agent-protocol

• Apr 9, 2024

  高危：有道智云存在微博OAuth2登录缺陷串联XSS漏洞实现账户劫持(忽略!)

• Apr 7, 2024

  CVE-2024-5187: Arbitrary File Overwrite in onnx

• Mar 27, 2024

  中危：网易灵犀企业邮箱存在存储型XSS漏洞

• Mar 24, 2024

  高危：网易云课堂ai设计工坊存在文件读取漏洞

• Mar 17, 2024

  中危：有道云笔记网页版思维导图存在存储型XSS漏洞

• Mar 17, 2024

  中危：有道云笔记网页版白板存在存储型XSS漏洞

• Mar 17, 2024

  中危：有道云笔记网页端渲染流程图存在存储型XSS漏洞

• Mar 16, 2024

  中危：有道云笔记markdown模式渲染类图(classDiagram)存储型XSS漏洞

• Jan 15, 2024

  Reproduction: Gitlab Arbitrary file read via the bulk imports UploadsPipeline

• Jan 10, 2024

  Reproduction: Gitlab Arbitrary file read via the UploadsRewriter when moving and issue

• Dec 30, 2023

  Gitlab debugging: Using gitlab official docker to debug rails backend

• Dec 25, 2023

  Reproduction: Gitlab Cross-site Scripting (XSS) - Stored in RDoc wiki pages

• Dec 5, 2023

  Reproduction: Gitlab Stored XSS in markdown when redacting references

• Nov 25, 2023

  Reproduction: Gitlab Stored XSS via Kroki diagram

• Nov 15, 2023

  Reproduction: Gitlab Stored-XSS with CSP-bypass via labels' color

• Nov 1, 2023

  Reproduction: Gitlab CSP-bypass XSS in project settings page

• Oct 20, 2023

  高危：网易大神手机客户端Webview mxss漏洞

• Oct 19, 2023

  中危：网易大神Web端频道签到消息存储型XSS漏洞

• Oct 18, 2023

  中危：网易大神Web端频道分享帖子存储型XSS漏洞

• Sep 20, 2023

  低危：网易UU论坛深井Web版评论等功能存在SSRF漏洞

• Sep 15, 2023

  中危(重复)：网易UU论坛深井Web发帖和回复存储型XSS漏洞

• Aug 11, 2023

  中危：网易天工网站wordpress主题discy未授权访问

• Jul 24, 2023

  中危：网易数帆-codewave开发论坛未授权修改用户信息

• Jul 24, 2023

  中危：网易数帆-codewave开发论坛敏感信息泄露

• Jul 24, 2023

  高危：网易数帆codewave开发论坛能够修改他人帖子

• Feb 2, 2023

  中危：LOFTER网页版发帖存在存储型XSS漏洞

• Jul 23, 2022

  中危：LOFTER网页端依然存在数个敏感信息泄露

• Jul 6, 2022

  中危： LOFTER网页端存在敏感信息泄露

• Apr 10, 2022

  低危： 网易云音乐投资存在反射型XSS

subscribe via RSS