网络安全笔记

#exploit 1⃣CVE-2025-20281: Cisco ISE API Unauthenticated RCE 2⃣CVE-2025-29017: Internet Banking System 2.0 RCE via Profile Picture Upload 3⃣CVE-2025-22230, CVE-2025-22247: The Guest Who Could - Exploiting LPE in VMWare Tools 4⃣CVE-2025-6554: A Brief Analysis of Chrome's 0day in the Wild 5⃣CVE-2025-7783: form-data boundary randomness vulnerability 6⃣CVE-2025-31161: CrushFTP Authentication Bypass 7⃣CVE-2025-53770 SharePoint Vulnerability Scanner: - Machine key extraction patterns - Secondary payload indicators - ExcelDataSet/Scorecard component processing - ToolPane error patterns and anomalous response characteristics + SIEM Detection Rules // Disclaimer

#exploit 1. CVE-2023-31779: Stored XSS in Wekan https://github.com/jet-pentest/CVE-2023-31779 2. CVE-2023-31726: AList 3.15.1 - Incorrect Access Control https://github.com/J6451/CVE-2023-31726 3. Vulnerabilities of Goby supported with exploitation https://github.com/gobysec/GobyVuls