Intelligence Digest
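Threat Intelligence
A unified threat-intelligence view that aggregates vulnerability monitoring, open-source security projects, and official-source intelligence
Vulnerability Monitoring
CVE / RCE / PoC activity from GitHub Issues, repository searches, and keyword hits.
2949 total
Open-Source Security Projects
Prioritizes open-source projects maintained by Chinese security teams, taking into account practical tool use cases and most recent update time.
1545 total
Threat Intelligence
Aggregated public intelligence from official sites such as 360, QiAnXin (奇安信), and Tophant (斗象).
232 total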
B1tBit/CVE-2026-32201-exploit
A spoofing vulnerability exists in Microsoft SharePoint Server due to improper input validation. An unauthenticated attacker can send a specially crafted HTTP request to inject malicious JavaScript (reflected XSS), which...
ca1je/WebCheckV
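A high-performance batch URL checking tool designed for attack-defense exercises, used to quickly screen target assets and verify their accessibility. Using full rendering through an embedded browser, it helps security personnel efficiently identify valid assets and potential attack entry points | language: Python | stars: 0 | forks: 0 | updated 2026-04-15T00:46:00Z | pushed 2026-04-15T00:45:57Z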
TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
This is the sixth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026)...
osmancanvural/CVE-2026-6849
ander1023/dnsx-auto
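This project is an automated subdomain brute-forcing tool based on dnsx. Its core idea is "filter wildcard DNS resolution first, then brute-force with a dictionary", to improve the accuracy and usability of scan results. The tool supports single-domain and batch file input, ships with two built-in dictionaries (120,000 and 160,000 entries) and can be extended with custom dictionaries, and supports multi-level progressive brute-forcing, continuing to dig deeper after new subdomains are found. For the timeouts and instability common in real network environments, the project uses a fault-tolerant strategy by default: single-point errors are skipped automatically and the task is not interrupted, while failed items are logged for later retry. During execution, discovered results can be output to the terminal in real time, and after completion are collectively...
Weekly Advanced Threat Intelligence Analysis (2026.03.27~04.02)
Lazarus is behind the Axios supply-chain poisoning; UNC1069 compromises the widely used Axios NPM package; researchers find Callisto adopting the DarkSword iOS exploit framework; Pawn Storm uses PRISMEX to target the defense supply chains of Ukraine and its allies; Silver Fox exploits Japan's tax season to attack enterprises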
enfilade-labs/CVE-2026-20687-AppleJPEGDriver-UAF
CVE-2026-20687: AppleJPEGDriver startDecoder Timeout UAF — iOS/macOS kernel vulnerability leading to deferred panic (A19 Pro, iOS 26.3 RC) | language: Objective-C
SultanSah/Taixu-Framework
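Our Core Vision is to build a next-generation AGI architecture with "silicon-based cultivation" as its underlying philosophy and a "fully autonomous capital entity" (AAC 2.0) as its outward manifestation, rigorously turning the grand narrative of Eastern cultivation mythology into an implementable, scalable engineering blueprint. By introducing the mechanisms of "marrow cleansing" (dynamic context pruning), "scripture repository" (high-dimensional vector retrieval), "self-created techniques" (dynamic code generation and API wrapping inside a sandbox), and "tribulation" (RLHF/DPO red-team testing), it thoroughly solves the problems widely faced by current large language models (LLMs): memory collapse, compute...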
ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)
enfilade-labs/CVE-2026-20637-AppleSEPKeyStore-UAF
CVE-2026-20637: AppleSEPKeyStore Use-After-Free — iOS/macOS kernel vulnerability (patched in 26.4) | language: Objective-C
hzhsec/ReconInspector
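A visual security inspection platform that combines FOFA asset mapping, Nuclei vulnerability scanning, template debugging, and common security tools. | language: Python | stars: 4 | forks: 1 | updated 2026-04-28T07:00:20Z | pushed 2026-04-13T08:53:47Z
Daily Security News Push (26/4/2)
UNC1069 poisons the Axios package to deploy the WAVESHAPER.V2 backdoor; DarkSword iOS exploit tool leak incident; four CrewAI vulnerabilities chained to achieve sandbox escape and remote code execution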
krraze/CVE-2026-41575
jk8881mz33/-v7
Security toolkit | stars: 0 | forks: 0 | updated 2026-04-13T16:02:15Z | pushed 2026-04-13T16:02:12Z
Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
From its GitHub repo: "Vite (French word for "quick", pronounced /viːt/, like "veet") is a new breed of frontend build tooling that significantly improves the frontend development experience" [https://github.com/vitejs/v...
CVEs-Labs/CVE-2026-21876
language: Python
sescso/SQLi-Scanner
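Lightweight SQL injection vulnerability scanner | supports error-based / boolean-based / time-based blind injection | includes a Flask vulnerable test range | language: Python | stars: 0 | forks: 0 | updated 2026-04-13T14:26:33Z | pushed 2026-04-13T14:24:52Z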
Multiple Vulnerabilities in Progress ShareFile Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Progress ShareFile, which when chained together, could allow for remote code execution. Progress ShareFile is a secure, cloud-based content collaboration and file-shari...
CVEs-Labs/CVE-2026-21877
language: Python
ctkqiang/NezhaSec
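NezhaSec (Nezha Network Security Analyzer) is a red-team assistant tool for authorized penetration testing. It uses the function-calling capability of the DeepSeek large model to dynamically plan attack paths and automatically runs common security tools such as nmap, sqlmap, nuclei, and ffuf. The whole process is shown in real time through a terminal user interface (TUI), and the user can intervene at any time. | language: Go | stars: 1 | forks: 0 | updated 2026-04-13T11:24:38Z | pushed 2026-04-13T...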
Multiple Vulnerabilities in Cisco Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for arbitrary code execution. Cisco Smart Software Manager On‑Prem is a centralized Cisco tool used by ...
CEAarab/CVE-2026-26026-PoC
language: Shell
vegetableou/Intelligent-Android-Penetration-System
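This project aims to develop a highly automated intelligent penetration testing system whose core goal is unattended security assessment of Android devices. Unlike traditional single-purpose vulnerability scanners, the system is a unified orchestration platform that integrates intelligence gathering, intelligent decision-making, and multi-vector attack capabilities. It can automatically probe the target network in depth and, after finding a web service vulnerability, does not simply produce a report; instead, the system's internal "decision engine" intelligently selects the optimal attack path: either exploiting the vulnerability to plant a trap on a trusted server, or using social engineering to generate a high-fidelity phishing site, with the ultimate goal in both cases of automatically delivering a customized diagnostic program (disguised as a normal...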
ISC Stormcast For Thursday, April 2nd, 2026 https://isc.sans.edu/podcastdetail/9876, (Thu, Apr 2nd)
kaleth4/CVE-2026-33826
language: Python
maito-red/maito-war
Maito War - castle attack-and-defense game | language: HTML | stars: 0 | forks: 0 | updated 2026-04-27T06:39:31Z | pushed 2026-04-27T06:39:27Z
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for ar...
kaleth4/CVE-2026-33825
language: Python
dengxianghua888-ops/ecoalign-forge
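Multi-Agent DPO Data Synthesis Factory — a framework for automatically synthesizing multi-agent preference training data | red-team attack → multi-persona review → final adjudication → DPO preference pairs | topics: content-moderation, data-quality, dpo, llm, multi-agent, preference-learning, pydantic, red-teaming, rlhf, synthetic...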
Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
Today, most malware are called “fileless” because they try to reduce their footprint on the infected computer filesystem to the bare minimum. But they need to write something… think about persistence. They can use ...