momo安全漏洞库

共聚合 4722 条情报漏洞监控 2947 / 网安开源项目 1545 / 威胁情报 230

漏洞监控

来自 GitHub Issues、仓库检索和关键词命中的 CVE / RCE / POC 动态。

2947总量

网安开源项目

优先展示中文安全团队维护的开源项目，兼顾工具落地场景和最近更新时间。

1545总量

威胁情报

来自 360、奇安信、斗象等官方站点的公开情报聚合。

230总量

Microsoft Power Apps 远程代码执行漏洞

Microsoft MSRC CVE-2026-32172 发布时间 2026-04-23 入库 2026-04-24 05:47

tybghii/tech-nnbk

GitHub 开源项目 tybghii/tech-nnbk 更新 2026-04-20 入库 2026-04-22 19:31

网络安全工具箱 | stars: 0 | forks: 0 | updated 2026-04-20T01:57:37Z | pushed 2026-04-20T01:57:34Z

ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)

SANS Internet Storm Center 信息发布时间 2026-04-09 入库 2026-04-09 10:17

Microsoft Dynamics 365 (online) Spoofing Vulnerability

Microsoft MSRC CVE-2026-32210 发布时间 2026-04-23 入库 2026-04-24 05:47

tybghii/tech-lqva

GitHub 开源项目 tybghii/tech-lqva 更新 2026-04-19 入库 2026-04-22 19:31

网络安全工具箱 | stars: 0 | forks: 0 | updated 2026-04-19T20:30:40Z | pushed 2026-04-19T20:30:39Z

Number Usage in Passwords: Take Two, (Thu, Apr 9th)

SANS Internet Storm Center 信息发布时间 2026-04-09 入库 2026-04-09 09:17

In a previous diary [1], we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented within the data and how t...

Microsoft 365 Copilot 特权提升漏洞

Microsoft MSRC CVE-2026-33102 发布时间 2026-04-23 入库 2026-04-24 05:47

tybghii/tech-upxu

GitHub 开源项目 tybghii/tech-upxu 更新 2026-04-19 入库 2026-04-22 19:31

网络安全工具箱 | stars: 0 | forks: 0 | updated 2026-04-19T20:28:19Z | pushed 2026-04-19T20:28:17Z

辟谣！Everything没被银狐投毒！

微步在线研究响应中心信息发布时间 2026-04-08 入库 2026-04-08 21:21

可以放心了

Microsoft Bing 远程代码执行漏洞

Microsoft MSRC CVE-2026-33819 发布时间 2026-04-23 入库 2026-04-24 05:47

TakudzwaChoto/FedMD-XAI

GitHub 开源项目 TakudzwaChoto/FedMD-XAI 更新 2026-04-19 入库 2026-04-20 01:06

TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)

SANS Internet Storm Center 中危发布时间 2026-04-08 入库 2026-04-09 01:21

This is the seventh update to the TeamPCP supply chain campaign threat intelligence report,&#;x26;#;xc2;&#;x26;#;xa0;"When the Security Scanner Became the Weapon"&#;x26;#;xc2;&#;x26;#;xa0;(v3.0, March 25, 2026).&#;x26;#;...

Microsoft Entra ID Entitlement Management Spoofing Vulnerability

Microsoft MSRC CVE-2026-35431 发布时间 2026-04-23 入库 2026-04-24 05:47

tybghii/tech-ivsa

GitHub 开源项目 tybghii/tech-ivsa 更新 2026-04-19 入库 2026-04-22 19:31

网络安全工具箱 | stars: 0 | forks: 0 | updated 2026-04-19T14:29:58Z | pushed 2026-04-19T14:29:57Z

More Honeypot Fingerprinting Scans, (Wed, Apr 8th)

SANS Internet Storm Center 信息发布时间 2026-04-08 入库 2026-04-08 23:21

One question that often comes up when I talk about honeypots: Are attackers able to figure out if they are connected to a honeypot? The answer is pretty simple: Yes!

EQSTLab/CVE-2026-0603

GitHub Repos/search EQSTLab/CVE-2026-0603 发布时间 2026-04-23 入库 2026-04-23 13:10

language: HTML

bigmanBass666/SCAUZJ-AutoStudy

GitHub 开源项目 bigmanBass666/SCAUZJ-AutoStudy 更新 2026-04-19 入库 2026-04-21 14:06

“猪猪侠”的阴影：疑似某虚拟手机服务商官网安装包被供应链攻击

奇安信威胁情报中心信息发布时间 2026-04-08 入库 2026-04-08 14:31

奇安信威胁情报中心红雨滴团队私有情报生产流程发现国内一家提供云手机、虚拟手机的服务商官网安装包疑似于2026年2月-3月底期间被替换，目前已经恢复正常，该事件造成大量政企终端被控。

m0r4a/CVE-2026-6018-9-Local-Privilege-Escalation-Chain

GitHub Repos/search m0r4a/CVE-2026-6018-9-Local-Privilege-Escalation-Chain 发布时间 2026-04-23 入库 2026-04-23 12:48

language: C

Pacemak1rsl/-Django

GitHub 开源项目 Pacemak1rsl/-Django- 更新 2026-04-19 入库 2026-04-21 17:10

基于Django框架的漏洞扫描系统 | stars: 0 | forks: 0 | updated 2026-04-21T15:28:07Z | pushed 2026-04-21T15:27:53Z

ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884, (Wed, Apr 8th)

SANS Internet Storm Center 信息发布时间 2026-04-08 入库 2026-04-08 10:06

d0x-awrqxavc/CVE-2026-23744

GitHub Repos/search d0x-awrqxavc/CVE-2026-23744 发布时间 2026-04-23 入库 2026-04-23 09:39

language: Python

DuringApple/Dommy

GitHub 开源项目 DuringApple/Dommy 更新 2026-04-18 入库 2026-04-23 02:49

A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)

SANS Internet Storm Center 信息发布时间 2026-04-07 入库 2026-04-08 02:39

Webshells remain a popular method for attackers to maintain persistence on a compromised web server. Many "arbitrary file write" and "remote code execution" vulnerabilities are used to drop small files on systems for lat...

Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input

Microsoft MSRC CVE-2026-6409 发布时间 2026-04-23 入库 2026-04-25 15:27

spmonkey/GHR

GitHub 开源项目 spmonkey/GHR 更新 2026-04-18 入库 2026-04-21 17:10

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

CIS Advisories 信息发布时间 2026-04-07 入库 2026-04-08 05:06

<p>Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.</p><p> </p><ul><li>Mozilla Firefox is a web browser used to access the Internet.</l...

github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer

Microsoft MSRC CVE-2026-40890 发布时间 2026-04-23 入库 2026-04-25 15:27

ffftuanxxx/malware-classification-CNN-optimized

GitHub 开源项目 ffftuanxxx/malware-classification-CNN-optimized 更新 2026-04-18 入库 2026-04-18 14:34

Phase-based optimization of malware classification CNN on Malimg dataset: 89.06% -> 98.48% val accuracy. EfficientNetB0 transfer learning + Focal Loss + oversampling + TTA. Fork of cridin1/malware-classification-CNN. | l...

龙虾陷阱 | 伪装 OpenClaw 投递后门事件分析

腾讯安全威胁情报中心中危发布时间 2026-04-07 入库 2026-04-08 00:05

精心搭建的仿冒站点、暗藏杀机的 JPG 图片、一段永不落地磁盘的恶意代码——攻击者正在利用开源 AI 工具的热度，编织一张精密的猎杀网络。