Aggregator

A vulnerability identified as critical has been detected in OpenStack Glance up to 29.1.0/30.1.0/31.0.0. Affected by this vulnerability is an unknown functionality of the component ovf_process Image Import Plugin. Performing a manipulation results in server-side request forgery. This vulnerability is identified as CVE-2026-34881. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

好的，我现在需要帮用户总结一篇文章的内容，控制在一百个字以内，而且不需要特定的开头。首先，我得仔细阅读用户提供的文章内容，理解其主要观点和结构。 这篇文章讨论了全球多个国家和地区如何通过立法强制个人提供设备密码或协助解密。例如，英国、法国、澳大利亚、新西兰、新加坡、香港、美国和印度都有各自的法律措施。这些措施通常将拒绝提供密码的行为定为独立犯罪，并施以监禁等刑罚。 接下来，我需要提炼出文章的核心信息：全球多个国家正在通过立法手段强制个人提供设备密码或协助解密，以应对加密技术带来的挑战。这些法律措施绕过了传统的自证其罪保护，赋予了政府更大的权力。 然后，我要确保总结在一百个字以内，并且直接描述文章内容，不使用“文章内容总结”之类的开头。同时，要保持语言简洁明了，避免过于专业的术语。 最后，检查一下是否涵盖了主要国家及其法律措施，并且准确传达了文章的核心观点。 全球多个国家和地区通过立法强制个人提供设备密码或协助解密，将拒绝行为定为独立犯罪。英国、法国、澳大利亚等国采取严厉措施，香港和新加坡则与国家安全或刑事调查挂钩。这些法律绕过自证其罪保护，赋予政府更大权力。

A vulnerability categorized as problematic has been discovered in PaperCut NG and MF up to 25.0.9. Affected is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-4794. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in johnh10 Auto Post Scheduler Plugin up to 1.84 on WordPress. It has been rated as problematic. This impacts the function aps_options_page of the component Setting Handler. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-1877. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in baserproject basercms up to 5.2.2. It has been declared as critical. This affects the function exec. The manipulation results in os command injection. This vulnerability was named CVE-2026-21861. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in baserproject basercms up to 5.2.2. It has been classified as critical. The impacted element is an unknown function of the component Submission API. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2026-30878. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in baserproject basercms up to 5.2.2 and classified as critical. The affected element is the function update of the component User Account Handler. Executing a manipulation can lead to os command injection. This vulnerability is handled as CVE-2026-30877. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in vowelweb Ibtana Plugin up to 1.2.5.7 on WordPress and classified as problematic. Impacted is the function ive of the component Shortcode Handler. Performing a manipulation results in basic cross site scripting. This vulnerability is known as CVE-2026-1834. Remote exploitation of the attack is possible. No exploit is available.

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头，直接写描述。好的，我先仔细看看文章内容。 文章主要讲的是Qwen3.6 Plus预览版已经在OpenRouter上线，并且可以免费试用。模型由阿里云国际提供，用户只需要有OpenRouter账号就能使用。模型的特点是上下文窗口很大，100万级别，性能也很强，尤其在编码、开发和问题解决方面表现突出。另外，文章还提到了配置方法和获取方式，比如修改openclaw.json文件，并且提供了详细的配置示例。 接下来我要把这些信息浓缩到一百字以内。首先提到模型上线和免费试用，然后说明模型的性能和适用场景，最后可能提到配置方法或者获取方式。但因为字数限制，可能需要省略一些细节。 再检查一下有没有遗漏的重要信息：模型由阿里云提供、免费使用、上下文窗口大、性能优越、支持编码和开发等。这些都应该是重点。 现在试着组织语言：Qwen3.6 Plus预览版上线OpenRouter，免费试用。模型由阿里云国际提供，支持100万上下文窗口，性能优越，在编码、开发等方面表现突出。 这样大概在50字左右，符合要求。 Qwen3.6 Plus预览版上线OpenRouter，免费试用。该模型由阿里云国际提供，支持100万上下文窗口，在编码、开发等领域表现优异。

A vulnerability, which was classified as problematic, was found in Moby up to 29.3.0. This issue affects some unknown processing. Such manipulation leads to off-by-one. This vulnerability is traded as CVE-2026-33997. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in nektos act up to 0.2.85. This vulnerability affects unknown code of the component Docker Container Handler. This manipulation causes missing authorization. This vulnerability appears as CVE-2026-34042. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in timwhitlock Loco Translate Plugin up to 2.8.2 on WordPress. This affects an unknown part of the component Parameter Handler. The manipulation of the argument update_href results in cross site scripting. This vulnerability is reported as CVE-2026-4146. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in langchain-ai langchain up to 1.2.21. Affected by this issue is the function load_prompt/load_prompt_from_config. The manipulation leads to path traversal. This vulnerability is documented as CVE-2026-34070. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in yahoo serialize-javascript up to 7.0.4. Affected by this vulnerability is an unknown functionality of the component Regular Expression Handler. Executing a manipulation can lead to resource consumption. This vulnerability is registered as CVE-2026-34043. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in PaperCut NG and MF up to 25.0.4. Affected is an unknown function of the component Communication Channel Handler. Performing a manipulation results in cleartext transmission of sensitive information. This vulnerability is cataloged as CVE-2026-5115. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in SciTokens up to 1.9.6. This impacts an unknown function. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2026-32727. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as critical has been detected in SciTokens up to 1.9.5. This affects an unknown function. This manipulation causes improper authorization. This vulnerability is tracked as CVE-2026-32716. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in SciTokens up to 1.9.5. The impacted element is the function str.format. The manipulation results in sql injection. This vulnerability is identified as CVE-2026-32714. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in jhimross Debugger & Troubleshooter Plugin up to 1.3.2 on WordPress. It has been rated as critical. The affected element is the function wp_debug_troubleshoot_simulate_user. The manipulation of the argument cookie leads to cookies without validation. This vulnerability is referenced as CVE-2026-5130. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

好的，我现在需要帮用户总结这篇文章的内容，控制在100个字以内。首先，我得仔细阅读文章，理解主要事件。 文章讲的是Axios这个流行的HTTP客户端遭受了供应链攻击。攻击者利用了维护者被入侵的npm账号，发布了包含恶意依赖的版本。这个恶意依赖会执行一个后安装脚本，作为跨平台的远程访问木马（RAT）释放器，影响macOS、Windows和Linux系统。 攻击者在发布前精心策划，提前18小时准备了恶意包，并在短时间内发布了两个被污染的Axios版本。恶意软件会在执行后删除自身，并替换package.json以避免检测。 用户需要立即降级到安全版本，并采取措施检查和清除恶意软件。此外，还有其他两个包也被发现分发了相同的恶意软件。 总结时要抓住关键点：供应链攻击、Axios版本、恶意依赖、RAT释放器、影响范围和应对措施。确保在100字以内简洁明了地表达这些信息。 Axios遭遇供应链攻击，两个版本引入恶意依赖"plain-crypto-js"，通过后安装脚本分发跨平台远程访问木马（RAT），影响macOS、Windows和Linux系统。攻击者利用被入侵的npm账号发布恶意包，并删除痕迹以规避检测。用户需降级至安全版本并清除恶意软件。