Aggregator

A CVSS score 6.4 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N severity vulnerability discovered by 'Brandon Niemczyk of TrendAI Research' was reported to the affected vendor on: 2026-04-17, 55 days ago. The vendor is given until 2026-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Mahmoud Bettouch' was reported to the affected vendor on: 2026-04-17, 59 days ago. The vendor is given until 2026-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-04-17, 59 days ago. The vendor is given until 2026-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-04-17, 60 days ago. The vendor is given until 2026-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。用户已经提供了文章的详细内容，我需要先快速浏览一下，抓住主要信息。 文章主要讲的是SPIFFE，这是一个用于现代基础设施的身份框架。它解决了传统方法在动态环境中遇到的问题，比如IP地址变化、API密钥泄露等。SPIFFE通过三个核心组件：SPIFFE ID、SVID和Workload API来实现这一点。这些组件帮助服务在运行时获得和验证身份，无需预共享密钥或嵌入式秘密。 接下来，我需要将这些关键点浓缩到100字以内。要确保涵盖SPIFFE的定义、其解决的问题、核心组件以及优势。 可能的结构是：首先介绍SPIFFE是什么，然后说明它解决的问题，接着提到它的三个核心部分，最后点出其优势。 比如：“SPIFFE是一种开放标准，用于动态分布式环境中的服务身份验证。它通过 SPIFFE ID、SVID 和 Workload API 提供短生命周期的加密身份，无需预共享密钥或嵌入式秘密。适用于跨平台和多云环境。” 这样大约在100字左右。 检查一下是否遗漏了关键点：解决了传统方法的问题、核心组件、优势（如跨平台支持）。看起来都涵盖了。 最后确认语言简洁明了，没有使用复杂的术语，让用户容易理解。 SPIFFE 是一种开放标准，用于动态分布式环境中的服务身份验证。它通过 SPIFFE ID、SVID 和 Workload API 提供短生命周期的加密身份，无需预共享密钥或嵌入式秘密。适用于跨平台和多云环境。

A vulnerability labeled as critical has been found in Horner Automation Cscape, XL4 and XL7 PLC. Affected by this issue is some unknown functionality. Executing a manipulation can lead to weak password requirements. This vulnerability appears as CVE-2026-6284. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

嗯，用户让我总结一下这篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”这样的开头。首先，我得仔细阅读文章内容。 文章提到，在2026年4月，黑客组织ShinyHunters声称入侵了Amtrak，并泄露了超过200万个独特的电子邮件地址，还包括姓名、物理地址和客户支持记录。他们通常会破坏组织的Salesforce实例，然后索要赎金，如果没有支付，就会公开数据。 接下来是推荐的行动，比如使用密码管理器生成和存储强密码，建议用户立即更改密码，并启用两步验证。还有提到事件发生的时间和添加到HIBP的时间。 所以，我需要把这些信息浓缩到100字以内。首先说明事件：ShinyHunters入侵Amtrak。然后泄露的数据量和内容：超过200万邮件地址等。接着说明他们的手法：破坏Salesforce实例并索要赎金。最后提醒用户更改密码和启用双重验证。 要注意不要遗漏关键点：入侵时间、数据量、泄露内容、黑客手段、推荐措施。同时语言要简洁明了，避免冗长。 现在组织一下语言：ShinyHunters入侵Amtrak，在2026年4月泄露了超过200万邮件地址、姓名、地址等信息。他们通常破坏Salesforce实例索要赎金。建议用户更改密码并启用双重验证。 这样应该控制在100字以内了。 ShinyHunters黑客组织在2026年4月声称入侵Amtrak并泄露了超过200万个电子邮件地址及个人信息。他们通常通过破坏组织的Salesforce实例索要赎金，并公开数据。建议用户更改密码并启用双重验证以提高账户安全。

A vulnerability identified as critical has been detected in QEMU. Affected by this vulnerability is the function cpu_physical_memory_map of the file hw/hyperv/syndbg.c of the component KVM. Performing a manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2026-3842. The attack may be carried out on the physical device. No exploit exists. It is suggested to install a patch to address this issue.

A vulnerability categorized as problematic has been discovered in Anviz CrossChex Standard. Affected is an unknown function. Such manipulation leads to algorithm downgrade. This vulnerability is documented as CVE-2026-32650. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in Anviz CrossChex Standard. It has been rated as critical. This impacts an unknown function of the component Communication Channel Handler. This manipulation causes improper verification of source of a communication channel. This vulnerability is registered as CVE-2026-40434. The attack requires access to the local network. No exploit is available.

A vulnerability was found in Anviz CX2 Lite and CX7. It has been declared as problematic. This affects an unknown function. The manipulation results in cleartext transmission of sensitive information. This vulnerability is cataloged as CVE-2026-33569. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Anviz CX7. It has been classified as problematic. The impacted element is an unknown function of the component Setting Handler. The manipulation leads to relative path traversal. This vulnerability is listed as CVE-2026-31927. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Anviz CX7 and classified as problematic. The affected element is an unknown function of the component MQTT Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . This vulnerability is tracked as CVE-2026-32324. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in Anviz CX2 Lite and CX7 and classified as problematic. Impacted is an unknown function of the component Update Package Handler. Performing a manipulation results in download of code without integrity check. This vulnerability is identified as CVE-2026-40066. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as critical, was found in Anviz CX2 Lite and CX7. This issue affects some unknown processing of the component Archives Handler. Such manipulation leads to missing authentication. This vulnerability is referenced as CVE-2026-35546. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as critical, has been found in Anviz CX2 Lite. This vulnerability affects unknown code. This manipulation of the argument filename causes command injection. The identification of this vulnerability is CVE-2026-35682. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Anviz CX2 Lite and CX7. This affects an unknown part of the component setting Handler. The manipulation results in missing authentication. This vulnerability was named CVE-2026-40461. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as problematic has been found in Anviz CX2 Lite and CX7. Affected by this issue is some unknown functionality of the component Configuration Handler. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2026-32648. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability described as problematic has been identified in Anviz CX7. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to missing authorization. This vulnerability is handled as CVE-2026-35061. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as problematic has been reported in Anviz CX7. Affected is an unknown function. Performing a manipulation results in missing authorization. This vulnerability is known as CVE-2026-33093. Remote exploitation of the attack is possible. No exploit is available.