Aggregator

近日，国家信息安全漏洞库（CNNVD）收到关于Ollama安全漏洞（CNNVD-202605-502、CVE-2026-7482）情况的报送。

本文通过对生成式人工智能内容安全责任主体的系统研究，得出以下核心结论：第一，责任配置应当遵循“谁控制、谁负责”的基本原则，将内容安全主体责任赋予对应用场景具有实质控制权的服务提供者……

A vulnerability was found in Wireshark and classified as problematic. Impacted is an unknown function of the file epan/dissectors/packet-nfs.c of the component NFS Dissector. Executing a manipulation can lead to resource consumption. This vulnerability is handled as CVE-2020-13164. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic has been found in Wireshark up to 3.4.15/3.6.7. Impacted is an unknown function of the component F5 Ethernet Trailer Protocol Dissector. Performing a manipulation results in denial of service. This vulnerability is cataloged as CVE-2022-3190. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Wireshark up to 3.6.10/4.0.2. The impacted element is an unknown function of the component Capture File Handler. The manipulation results in denial of service. This vulnerability is reported as CVE-2023-0413. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Wireshark up to 3.6.10/4.0.2. It has been declared as problematic. Impacted is an unknown function of the component Dissector. Executing a manipulation can lead to denial of service. This vulnerability is registered as CVE-2023-0411. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability labeled as problematic has been found in Wireshark up to 3.6.10/4.0.2. This impacts an unknown function of the component GNW Dissector. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2023-0416. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in bPlugins PDF Poster Plugin up to 2.4.1 on WordPress. It has been rated as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-27416. The attack may be initiated remotely. There is no available exploit.

A vulnerability marked as problematic has been reported in Wireshark up to 3.6.10/4.0.2. Affected is an unknown function of the component NFS Dissector. Performing a manipulation results in denial of service. This vulnerability is known as CVE-2023-0417. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Wireshark up to 3.6.10/4.0.2. It has been rated as problematic. The affected element is an unknown function of the component TIPC Dissector. The manipulation leads to denial of service. This vulnerability is documented as CVE-2023-0412. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Phoenix Contact FL MGUARD 2102, FL MGUARD 2105, FL MGUARD 4102 PCI, FL MGUARD 4102 PCIE, FL MGUARD 4302, FL MGUARD 4305, FL MGUARD CENTERPORT VPN-1000, FL MGUARD CORE TX, FL MGUARD CORE TX VPN, FL MGUARD DELTA TX, TX, TX VPN, FL MGUARD GT, GT, GT VPN, FL MGUARD PCI4000, FL MGUARD PCI4000 VPN, FL MGUARD PCIE4000, FL MGUARD PCIE4000 VPN, FL MGUARD RS2000 TX, TX-B, FL MGUARD RS2005 TX VPN, FL MGUARD RS4000 TX, TX-M, TX-P, FL MGUARD RS4004 TX, DTX, DTX VPN, FL MGUARD SMART2, FL MGUARD SMART2 VPN, TC MGUARD RS2000 3G VPN, TC MGUARD RS2000 4G ATT VPN, TC MGUARD RS2000 4G VPN, TC MGUARD RS2000 4G VZW VPN, TC MGUARD RS4000 3G VPN, TC MGUARD RS4000 4G ATT VPN, TC MGUARD RS4000 4G VPN and TC MGUARD RS4000 4G VZW VPN up to 10.4.0. It has been declared as problematic. Affected is an unknown function. Executing a manipulation can lead to improper removal of sensitive information before storage or transfer. This vulnerability is tracked as CVE-2024-43384. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

Результаты исследования будут представлены на закрытом мероприятии.

A China-linked threat actor backdoored a version of Daemon Tools to infect thousands

Apache httpd CVE-2026-23918 HTTP/2 Double-Free|CVSS8.8全球数百万站点|Nix/Lix本地提权|OPNsense Root RCE|vm2沙箱逃逸

Developers managing JavaScript runtimes have a new major version to evaluate. Node.js 26.0.0 brings the long-awaited Temporal API to the platform alongside an updated V8 engine, a refreshed HTTP client, and several long-flagged removals that will require code changes in some applications. Temporal API ready for production code Temporal, a date and time API designed to replace the aging Date object, is now available in Node.js without an experimental flag. The API offers richer handling … More →

The post Node.js 26 ships with Temporal API enabled by default appeared first on Help Net Security.

最好的 AI，就是人不用去学，AI 自己能把自己给用好。

当最大的 AI 算力消费者决定自己建芯片厂，这件事的意义已经超出了商业范畴。

A zero-day vulnerability residing within the Chinese content management system MetInfo has entered a phase of active exploitation

The post Zero-Day Surge: The MetInfo CMS Flaw That Grants Unauthenticated Root Access to Servers appeared first on Penetration Testing Tools.

Disney has equipped select entrance lanes at Disneyland Park and Disney California Adventure Park with facial recognition technology, saying the system is intended to streamline re-entry procedures and help prevent fraud. According to the company, certain entrance lanes use cameras to capture an image linked to a guest’s ticket or pass and compare it with a newly taken image at the entrance. The system then converts both images into unique numerical values using biometric technology … More →

The post Facial recognition arrives at the gates of Disney’s magic kingdom appeared first on Help Net Security.

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files," Kaspersky