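Vulnerability Garden: A growing list of named vulnerabilities, attack techniques, and exploits
Summary
Vulnerability Garden is a curated list of named vulnerabilities, attack techniques, and exploits, with reference sources and dates for each entry.
<p><a href="https://lobste.rs/s/0xnfql/vulnerability_garden_growing_list_named">Comments</a></p>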
Cached at: 2026/05/08 20:32
# Vulnerability Garden
Source: https://vulnerability.garden/
- Copy Fail 2 (https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo) | 05/07/26 | CVE-2026-43284 (https://nvd.nist.gov/vuln/detail/CVE-2026-43284) | 05/07/26 | https://afflicted.sh/blog/posts/copy-fail-2.html, https://www.openwall.com/lists/oss-security/2026/05/07/12, https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc
- Dirty Frag (https://github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md) | 05/07/26 | CVE-2026-43284 (https://nvd.nist.gov/vuln/detail/CVE-2026-43284), CVE-2026-43500 (https://nvd.nist.gov/vuln/detail/CVE-2026-43500) | 05/07/26 | https://lwn.net/ml/all/afzgS2SCWNcZU3vU%40v4bel/, https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc, https://seclists.org/oss-sec/2026/q2/442, https://core-jmp.org/2026/05/dirty-frag-a-new-linux-page-cache-privilege-escalation-class/
- Trustfall (https://adversa.ai/blog/trustfall-coding-agent-security-flaw-rce-claude-cursor-gemini-cli-copilot/) | 05/07/26 | 05/07/26
- Bleeding Llama (https://www.cyera.com/research/bleeding-llama-critical-unauthenticated-memory-leak-in-ollama) | 05/05/26 | CVE-2026-7482 (https://nvd.nist.gov/vuln/detail/CVE-2026-7482) | 05/05/26
- Ouroboros (https://www.huntress.com/blog/dmsa-ouroboros-credential-extraction-windows-server-2025) | 05/04/26 | 05/05/26 | https://www.akamai.com/blog/security-research/ouroboros-technique-how-fits-dmsas-security-model
- BoundHook (https://www.cyberark.com/resources/threat-research-blog/boundhook-exception-based-kernel-controlled-usermode-hooking) | 10/18/17 | 05/04/26
- aLTEr (https://montsecure.com/research/alter-attack/) | 03/01/19 | 05/04/26
- TokenBreak (https://www.hiddenlayer.com/research/the-tokenbreak-attack) | 06/12/25 | 05/04/26
- R-U-Dead Yet (R.U.D.Y) (https://code.google.com/archive/p/r-u-dead-yet/) | 11/19/11 | 05/04/26 | https://www.invicti.com/learn/rudy-attack
- GateBleed (https://arxiv.org/pdf/2507.17033) | 10/02/25 | 05/04/26 | https://news.ncsu.edu/2025/10/ai-privacy-hardware-vulnerability/
- BadDNS (https://issues.chromium.org/issues/40063570) | 03/11/23 | 05/04/26
- MDB Leaker (https://www.mimecast.com/blog/2020/01/mimecast-discovers-mdb-leaker-microsoft-access-vulnerability-cve-2019-1463/) | 01/07/20 | CVE-2019-1463 (https://nvd.nist.gov/vuln/detail/CVE-2019-1463) | 05/04/26 | https://web.archive.org/web/20200115011257/https://www.mimecast.com/blog/2020/01/mimecast-discovers-mdb-leaker-microsoft-access-vulnerability-cve-2019-1463/
- TBONE (https://kunnamon.io/tbone/) | 10/16/20 | 05/04/26
- SplitSSHell (https://www.cyera.com/pt-br/research/splitsshell-when-a-comma-becomes-root-how-a-single-character-broke-openssh-certificate-authentication) | 04/29/26 | CVE-2026-35414 (https://nvd.nist.gov/vuln/detail/CVE-2026-35414) | 05/04/26
- MSC EvilTwin (https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html) | 03/25/25 | CVE-2025-26633 (https://nvd.nist.gov/vuln/detail/CVE-2025-26633) | 05/04/26
- Clinejection (https://adnanthekhan.com/posts/clinejection/) | 02/09/26 | 05/04/26
- Janus (https://www.guardsquare.com/blog/new-android-vulnerability-allows-attackers-to-modify-apps-without-affecting-their-signatures-guardsquare) | 11/13/17 | CVE-2017-13156 (https://nvd.nist.gov/vuln/detail/CVE-2017-13156) | 05/04/26
- Lightspeed (https://www.synacktiv.com/en/publications/lightspeed-a-race-for-an-iosmacos-sandbox-escape.html#the-vulnerability-lightspeed) | 10/29/18 | CVE-2018-4344 (https://nvd.nist.gov/vuln/detail/CVE-2018-4344) | 05/04/26
- ret2dir (https://blackhat.com/docs/eu-14/materials/eu-14-Kemerlis-Ret2dir-Deconstructing-Kernel-Isolation-wp.pdf) | 10/16/14 | CVE-2013-0268 (https://nvd.nist.gov/vuln/detail/CVE-2013-0268), CVE-2013-2094 (https://nvd.nist.gov/vuln/detail/CVE-2013-2094), CVE-2013-1763 (https://nvd.nist.gov/vuln/detail/CVE-2013-1763), CVE-2010-4258 (https://nvd.nist.gov/vuln/detail/CVE-2010-4258), CVE-2010-3904 (https://nvd.nist.gov/vuln/detail/CVE-2010-3904) ... *3 more* | 05/04/26 | https://blackhat.com/docs/eu-14/materials/eu-14-Kemerlis-Ret2dir-Deconstructing-Kernel-Isolation.pdf, https://blackhat.com/eu-14/briefings.html#ret2dir-deconstructing-kernel-isolation
- BadTunnel (https://blackhat.com/docs/us-16/materials/us-16-Yu-BadTunnel-How-Do-I-Get-Big-Brother-Power-wp.pdf) | 08/03/16 | 05/04/26
- HomeHack (https://blog.checkpoint.com/security/homehack-how-hackers-could-have-taken-control-of-lgs-iot-home-appliances/) | 10/26/17 | 05/04/26
- Man-in-the-Disk (https://blog.checkpoint.com/security/man-in-the-disk-a-new-attack-surface-for-android-apps/) | 08/12/18 | 05/04/26
- Spooky SSL (https://github.com/NCSC-NL/OpenSSL-2022) | 10/28/22 | CVE-2022-3602 (https://nvd.nist.gov/vuln/detail/CVE-2022-3602), CVE-2022-3786 (https://nvd.nist.gov/vuln/detail/CVE-2022-3786) | 05/04/26 | https://www.forescout.com/blog/openssl-cve-2022-3602-and-cve-2022-3786-spooky-ssl-what-they-are-and-how-to-mitigate-risk/
- Squiblydoo (http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html) | 04/19/16 | 05/04/26 | https://web.archive.org/web/20160423152317/http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html, https://car.mitre.org/analytics/CAR-2019-04-003/
- CosMiss (https://orca.security/resources/blog/cosmiss-vulnerability-azure-cosmos-db/) | 11/01/22 | 05/04/26
- Psychic Paper (https://blog.siguza.net/psychicpaper/) | 05/01/20 | CVE-2020-3883 (https://nvd.nist.gov/vuln/detail/CVE-2020-3883), CVE-2022-42855 (https://nvd.nist.gov/vuln/detail/CVE-2022-42855) | 05/04/26 | https://vulnerability.garden/DER%20Entitlements:%20The%20(Brief%20Return%20of%20the%20Psychic%20Paper)
- JoltandBleed (https://erpscan.com/press-center/blog/peoplesoft-joltandbleed/) | 11/22/17 | CVE-2017-10272 (https://nvd.nist.gov/vuln/detail/CVE-2017-10272), CVE-2017-10267 (https://nvd.nist.gov/vuln/detail/CVE-2017-10267), CVE-2017-10278 (https://nvd.nist.gov/vuln/detail/CVE-2017-10278), CVE-2017-10266 (https://nvd.nist.gov/vuln/detail/CVE-2017-10266), CVE-2017-10269 (https://nvd.nist.gov/vuln/detail/CVE-2017-10269) | 05/04/26 | https://www.bleepingcomputer.com/news/security/oracle-products-affected-by-critical-joltandbleed-vulnerabilities/
- SACK slowness (https://www.tenable.com/blog/sack-panic-linux-and-freebsd-kernels-vulnerable-to-remote-denial-of-service-vulnerabilities-cve) | 06/18/19 | CVE-2019-11478 (https://nvd.nist.gov/vuln/detail/CVE-2019-11478), CVE-2019-5599 (https://nvd.nist.gov/vuln/detail/CVE-2019-5599) | 05/04/26
- CARPE (DIEM) (https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html) | 04/03/19 | CVE-2019-0211 (https://nvd.nist.gov/vuln/detail/CVE-2019-0211) | 05/04/26
- LookOut (https://www.tenable.com/blog/google-looker-vulnerabilities-rce-internal-access-lookout) | 02/04/26 | CVE-2025-12743 (https://nvd.nist.gov/vuln/detail/CVE-2025-12743) | 05/04/26
- Gemini Trifecta (https://www.tenable.com/blog/the-trifecta-how-three-new-gemini-vulnerabilities-in-cloud-assist-search-model-and-browsing) | 09/30/25 | 05/04/26
- Golden SAML (https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps) | 11/21/17 | 05/03/26 | https://techcommunity.microsoft.com/blog/microsoft-entra-blog/understanding-and-mitigating-golden-saml-attacks/4418864
- PerplexedBrowser (https://zenity.io/blog/security/perplexedbrowser-accepting-a-meeting-or-handing-your-local-files-to-an-attacker) | 03/05/26 | 05/03/26
- BAndroid (https://www.vusec.net/projects/bandroid/) | 06/27/15 | 05/03/26
- BreakingFormation (https://orca.security/resources/blog/aws-cloudformation-vulnerability/) | 01/13/22 | 05/03/26
- Uncrew (https://noma.security/blog/uncrew-the-risk-behind-a-leaked-internal-github-token-at-crewai/) | 09/24/25 | 05/03/26
- XLATE (https://www.vusec.net/projects/xlate/) | 08/15/18 | 05/03/26
- Frostbyte10 (https://www.armis.com/research/frostbyte10/) | 09/08/25 | CVE-2025-6519 (https://nvd.nist.gov/vuln/detail/CVE-2025-6519), CVE-2025-52543 (https://nvd.nist.gov/vuln/detail/CVE-2025-52543), CVE-2025-52544 (https://nvd.nist.gov/vuln/detail/CVE-2025-52544), CVE-2025-52545 (https://nvd.nist.gov/vuln/detail/CVE-2025-52545), CVE-2025-52546 (https://nvd.nist.gov/vuln/detail/CVE-2025-52546) ... *5 more* | 05/03/26
- Oh Snap! More Lemmings (https://blog.qualys.com/vulnerabilities-threat-research/2022/02/17/oh-snap-more-lemmings-local-privilege-escalation-vulnerability-discovered-in-snap-confine-cve-2021-44731) | 12/23/22 | CVE-2021-44731 (https://nvd.nist.gov/vuln/detail/CVE-2021-44731) | 05/03/26
- RebirthDay Attack (https://lixiang521.com/publication/ccs25/) | 10/13/25 | CVE-2025-5994 (https://nvd.nist.gov/vuln/detail/CVE-2025-5994), CVE-2024-47081 (https://nvd.nist.gov/vuln/detail/CVE-2024-47081), CVE-2025-32415 (https://nvd.nist.gov/vuln/detail/CVE-2025-32415), CVE-2025-40909 (https://nvd.nist.gov/vuln/detail/CVE-2025-40909), CVE-2025-6965 (https://nvd.nist.gov/vuln/detail/CVE-2025-6965) ... *1 more* | 05/03/26
- Peekaboo (https://www.tenable.com/blog/tenable-research-advisory-peekaboo-critical-vulnerability-in-nuuo-network-video-recorder) | 09/17/18 | CVE-2018-1149 (https://nvd.nist.gov/vuln/detail/CVE-2018-1149), CVE-2018-1150 (https://nvd.nist.gov/vuln/detail/CVE-2018-1150) | 05/03/26
- Local Mess (https://localmess.github.io/) | 06/03/25 | 05/03/26
- DarkSword (https://www.lookout.com/threat-intelligence/article/darksword) | 03/18/26 | CVE-2025-31277 (https://nvd.nist.gov/vuln/detail/CVE-2025-31277), CVE-2026-20700 (https://nvd.nist.gov/vuln/detail/CVE-2026-20700), CVE-2025-43529 (https://nvd.nist.gov/vuln/detail/CVE-2025-43529), CVE-2025-14174 (https://nvd.nist.gov/vuln/detail/CVE-2025-14174), CVE-2025-43510 (https://nvd.nist.gov/vuln/detail/CVE-2025-43510) ... *1 more* | 05/03/26 | https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
- EchoSpoofing (https://guard.io/labs/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch) | 07/29/24 | 05/03/26
- checkm8 (https://x.com/axi0mX/status/1177542201670168576) | 09/27/19 | CVE-2019-8900 (https://nvd.nist.gov/vuln/detail/CVE-2019-8900) | 05/03/26 | https://github.com/axi0mX/ipwndfu, https://theapplewiki.com/wiki/Checkm8_Exploit
- Kaminsky bug (https://blackhat.com/presentations/bh-jp-08/bh-jp-08-Kaminsky/BlackHat-Japan-08-Kaminsky-DNS08-BlackOps.pdf) | 07/08/08 | CVE-2008-1447 (https://nvd.nist.gov/vuln/detail/CVE-2008-1447) | 05/01/26 | https://seclists.org/pen-test/2008/Aug/1, https://hackaday.com/2008/07/24/dns-cache-poisoning-webcast/, https://web.archive.org/web/20080728233324/https://www.linuxjournal.com/content/understanding-kaminskys-dns-bug, https://web.archive.org/web/20160623122553/https://www.security-database.com/detail.php?alert=VU800113, https://www.dns-oarc.net/index.php/node/107?utm_source=chatgpt.com
- tldr.fail (https://tldr.fail/) | 09/27/23 | 04/30/26
- PrinterLeak (https://link.springer.com/chapter/10.1007/978-3-031-37111-0_15) | 07/03/23 | 04/29/26 | https://www.covertchannels.com/
- All Visitors Are Admins | 01/12/07 | CVE-2007-0192 (https://nvd.nist.gov/vuln/detail/CVE-2007-0192) | 04/29/26 | https://cxsecurity.com/issue/WLB-2007010046
- overBuy (https://www.anquanke.com/post/id/147913) | 06/13/18 | CVE-2018-11809 (https://nvd.nist.gov/vuln/detail/CVE-2018-11809) | 04/29/26
- allocateAny (https://www.anquanke.com/post/id/147913) | 06/13/18 | CVE-2018-11810 (https://nvd.nist.gov/vuln/detail/CVE-2018-11810) | 04/29/26
- overMint (https://www.anquanke.com/post/id/147913) | 06/13/18 | CVE-2018-11809 (https://nvd.nist.gov/vuln/detail/CVE-2018-11809) | 04/29/26
- mintAny (https://www.anquanke.com/post/id/147913) | 06/13/18 | CVE-2018-11812 (https://nvd.nist.gov/vuln/detail/CVE-2018-11812) | 04/29/26
- owner Underflow (https://www.anquanke.com/post/id/147913) | 06/13/18 | CVE-2018-11687 (https://nvd.nist.gov/vuln/detail/CVE-2018-11687) | 04/29/26
- underSell (https://www.anquanke.com/post/id/147913) | 06/13/18 | CVE-2018-11811 (https://nvd.nist.gov/vuln/detail/CVE-2018-11811) | 04/29/26
- Naptha (http://razor.bindview.com/publish/advisories/adv_NAPTHA.html) | 11/30/00 | CVE-2000-1039 (https://nvd.nist.gov/vuln/detail/CVE-2000-1039) | 04/29/26 | https://web.archive.org/web/20010124094200/http://razor.bindview.com/publish/advisories/adv_NAPTHA.html
- Billion Laughs | 06/12/02 | CVE-2003-1564 (https://nvd.nist.gov/vuln/detail/CVE-2003-1564) | 04/29/26 | https://bugzilla.mozilla.org/show_bug.cgi?id=151380, https://en.wikipedia.org/wiki/Billion_laughs_attack
- Call from the Depths (http://archives.neohapsis.com/archives/bugtraq/2004-03/0352.html) | 03/31/04 | CVE-2004-2451 (https://nvd.nist.gov/vuln/detail/CVE-2004-2451) | 04/29/26 | https://web.archive.org/web/20070807173043/http://archives.neohapsis.com/archives/bugtraq/2004-03/0352.html
- Mailslot Denial of Service | 10/10/06 | CVE-2006-3942 (https://nvd.nist.gov/vuln/detail/CVE-2006-3942) | 04/29/26 | https://learn.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-063
- ICMP Land Attack (https://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049434.html) | 07/08/06 | CVE-2006-4833 (https://nvd.nist.gov/vuln/detail/CVE-2006-4833) | 04/29/26
- Spoof on Bridge (http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf) | 03/17/07 | CVE-2007-1528 (https://nvd.nist.gov/vuln/detail/CVE-2007-1528) | 04/29/26 | https://web.archive.org/web/20070513172519/http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html, https://web.archive.org/web/20070402053650/http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf
- Total Spoof (http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf) | 03/17/07 | CVE-2007-1529 (https://nvd.nist.gov/vuln/detail/CVE-2007-1529) | 04/29/26 | https://web.archive.org/web/20070513172519/http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html, https://web.archive.org/web/20070402053650/http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf
- Amnesia | 11/18/15 | CVE-2015-7266 (https://nvd.nist.gov/vuln/detail/CVE-2015-7266) | 04/29/26 | http://media.pixalate.com/white-papers/xindi.pdf
- Dark Portal (https://www.powerofcommunity.net/poc2016/wei.pdf) | 05/09/16 | CVE-2016-3710 (https://nvd.nist.gov/vuln/detail/CVE-2016-3710) | 04/29/26 | https://web.archive.org/web/20200417025701/https://www.powerofcommunity.net/poc2016/wei.pdf, https://blog.betamao.me/posts/2022/virtualization-vmm-security/, https://www.openwall.com/lists/oss-security/2016/05/09/3
- Bad Taste (http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html) | 07/17/17 | CVE-2017-11421 (https://nvd.nist.gov/vuln/detail/CVE-2017-11421) | 04/29/26 | https://web.archive.org/web/20170717171212/http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
- GarlicRust (https://eyalitkin.wordpress.com/2017/12/04/cve-publication-garlicrust-cve-2017-17066/) | 12/04/17 | CVE-2017-17066 (https://nvd.nist.gov/vuln/detail/CVE-2017-17066) | 04/29/26 | https://hackerone.com/reports/291489
- SamFAIL (https://xdaforums.com/t/root-snapdragon-samfail-for-galaxy-note8-v3.3685340/) | 10/08/17 | CVE-2017-18649 (https://nvd.nist.gov/vuln/detail/CVE-2017-18649) | 04/29/26 | https://androidcommunity.com/samfail-method-gives-root-access-to-samsung-galaxy-note-8-snapdragon-variant-20171009/
- ownerAnyone (https://www.peckshield.com/2018/05/03/ownerAnyone/) | 05/03/18 | CVE-2018-10705 (https://nvd.nist.gov/vuln/detail/CVE-2018-10705) | 04/29/26 | https://web.archive.org/web/20180520105148/https://www.peckshield.com/2018/05/03/ownerAnyone/
- transferFlaw (https://www.peckshield.com/2018/04/28/transferFlaw/) | 04/28/18 | CVE-2018–10468 (https://nvd.nist.gov/vuln/detail/CVE-2018%E2%80%9310468) | 04/29/26 | https://web.archive.org/web/20180520105144/https://www.peckshield.com/2018/04/28/transferFlaw/
- proxyOverflow (https://www.peckshield.com/2018/04/25/proxyOverflow/) | 04/25/18 | CVE-2018-10376 (https://nvd.nist.gov/vuln/detail/CVE-2018-10376) | 04/29/26 | https://web.archive.org/web/20180520105150/https://www.peckshield.com/2018/04/25/proxyOverflow/
- batchOverflow (https://www.peckshield.com/2018/04/22/batchOverflow/) | 04/22/18 | CVE-2018-10299 (https://nvd.nist.gov/vuln/detail/CVE-2018-10299) | 04/29/26 | https://web.archive.org/web/20180520105146/https://www.peckshield.com/2018/04/22/batchOverflow/
- multiOverflow (https://peckshield.com/2018/05/10/multiOverflow/) | 05/10/18 | CVE-2018-10706 (https://nvd.nist.gov/vuln/detail/CVE-2018-10706) | 04/29/26 | https://web.archive.org/web/20180520105146/https://peckshield.com/2