首页 > 专栏 > HackerOne Hacker Activity HackerOne Hacker Activity 共 47 条资讯 curl: Use-after-free in `mev_forget_socket` when `curl_easy_pause()` is called from a `CURL_POLL_REMOVE` socket callback (incomplete fix of CVE-2026-9080) 2026-06-27 17:36:26 curl: UAF read in mev_pollset_diff() trace path after curl_easy_pause() in socket callback 2026-06-27 17:36:26 curl: CVE-2026-11352: QUIC zero-length UDP datagrams busy-loop 2026-06-27 17:36:26 curl: CVE-2026-11586: WS Auto-PONG memory exhaustion 2026-06-27 17:36:26 curl: CVE-2026-12064: proto-default skips SSH verification 2026-06-27 17:36:26 curl: CVE-2026-11564: Native CA trust persist 2026-06-27 17:36:26 curl: HTTPS proxy connection reuse lets one easy handle inherit another handle's mTLS-authenticated proxy session 2026-06-27 17:36:26 Node.js: Node.js WebCrypto AES Integer Overflow Leads to Remote Process Abort (DoS) 2026-06-27 17:36:26 Node.js: Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings 2026-06-27 17:36:26 Node.js: Unbounded memory growth in `node:http2` clients via attacker-controlled ORIGIN frames 2026-06-27 17:36:26 Node.js: Proxy credentials leaked in ERR_PROXY_TUNNEL error message 2026-06-27 17:36:26 Node.js: Permission Model bypass via FileHandle.utimes() in the promises API 2026-06-27 17:36:26 Node.js: TLS host identity verification bypass via session reuse with different servername leads to unauthorized connections 2026-06-27 17:36:26 Node.js: Uppercase sni context matching can lead to mtls authorization bypass due to case-sensitive hostname matching 2026-06-27 17:36:26 Node.js: Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat 2026-06-27 17:36:26 Node.js: Unix domain socket server bypasses --permission network restrictions (incomplete CVE-2026-21636 fix) 2026-06-27 17:36:26 Node.js: HTTP Response Queue Poisoning via TOCTOU Race Condition in `http.Agent` 2026-06-27 17:36:26 Revive Adserver: Reflected XSS in stats‑video.php via improperly encoded URL parameters 2026-06-27 17:36:26 Revive Adserver: Missing ownership validation allows cross‑manager tracker–campaign linking 2026-06-27 17:36:26 Revive Adserver: CSRF in zone‑include.php allows unauthorized banner and campaign linking 2026-06-27 17:36:26 « 上一页123下一页 » 相关分类 #!/slash/note #UNTAG (B)(F)uzzing on my world (Hi)story (IN)SECURE Magazine Notification (gdb) break *0x972 - 带鱼博客 BeltfishBlog - ./kwaa.dev .NET Blog .Trash /home/rook1e 00's Adventure 0kami's Blog 0x41414141 in ?? () 0x7f Blog 0xRick Owned Root ! 0xd00's blog 1 Byte 1A23 Blog 1A23 Studio 1Link.Fun 1stwebdesigner 251 2BAB 的工程博客 2ch中文网 360 CERT 360 Netlab Blog - Network Securi 38号车评中心 3o米的微博 404 Media