Aggregator

A vulnerability labeled as problematic has been found in Tiki 21.2. This vulnerability affects unknown code of the file tiki-admin_system.php of the component POST Request Handler. Such manipulation of the argument zipPath leads to cross site scripting. This vulnerability is documented as CVE-2024-46879. The attack can be executed remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in Tiki up to 26.3. This affects an unknown part of the file tiki-editpage.php of the component Parameter Handler. This manipulation of the argument page causes cross site scripting. This vulnerability is registered as CVE-2024-46878. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability categorized as critical has been discovered in ggml-org llama.cpp up to 55abc39/up to 55d4206c8. Affected by this issue is the function ggml_nbytes of the component GGUF File Parser. The manipulation results in heap-based buffer overflow. This vulnerability is cataloged as CVE-2026-33298. The attack must be initiated from a local position. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in QuantumNous new-api up to 0.11.9-alpha.1. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-32879. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in wp-graphql up to 2.9.x on WordPress. It has been declared as problematic. Affected is the function moderate_comments of the file plugins/wp-graphql/src/Mutation/CommentUpdate.php. Executing a manipulation of the argument user_id can lead to missing authorization. This vulnerability is tracked as CVE-2026-33290. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as problematic. This impacts an unknown function of the component CSS. Performing a manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2026-4674. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in mantisbt Mantis Bug Tracker 2.28.0 and classified as problematic. This affects the function IssueTagTimelineEvent::html of the file my_view_page.php. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-33548. It is possible to launch the attack remotely. No exploit is available. It is advisable to implement a patch to correct this issue.

A vulnerability has been found in Google Chrome and classified as critical. The impacted element is an unknown function of the component WebGL. This manipulation causes heap-based buffer overflow. The identification of this vulnerability is CVE-2026-4675. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in bcrypt-ruby up to 3.1.21 on JRuby. The affected element is an unknown function of the file BCrypt.java. The manipulation results in integer overflow. This vulnerability was named CVE-2026-33306. The attack needs to be approached locally. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Google Chrome. Impacted is an unknown function of the component WebAudio. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-4673. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in mantisbt Mantis Bug Tracker 2.28.0. This issue affects the function tag_delete of the file tag_delete.php of the component Confirmation Message Handler. Executing a manipulation of the argument s_tag_delete_message can lead to cross site scripting. This vulnerability is handled as CVE-2026-33517. The attack can be executed remotely. There is not any exploit available. Applying a patch is advised to resolve this issue.

A vulnerability identified as problematic has been detected in Raimersoft RarmaRadio 2.72.3. This issue affects some unknown processing of the component Setting Handler. Performing a manipulation of the argument Username results in assumed-immutable data is stored in writable memory. This vulnerability is cataloged as CVE-2019-25583. The attack must be initiated from a local position. Furthermore, there is an exploit available.

A vulnerability was found in apconw Aix-DB up to 1.2.3. It has been rated as critical. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument Description results in sql injection. This vulnerability is reported as CVE-2026-4530. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

嗯，用户让我帮忙总结一篇文章，控制在100字以内，而且不需要用“文章内容总结”之类的开头。首先，我需要仔细阅读用户提供的文章内容。 文章主要介绍了Janble开发的软件包RDF-J/ECM-J SYSTEM，包含两个程序：RDF-J和ECM-J。RDF-J用于无线电定位，使用HackRF软件无线电，支持TDoA和信号强度两种方法。ECM-J则是一个电子对抗系统，用于干扰信号，但可能涉及非法行为。 接下来，我要提取关键信息：软件名称、功能、技术细节、法律风险等。然后用简洁的语言把这些内容浓缩到100字以内。 需要注意的是，用户要求直接写描述，不使用特定开头。所以我会直接从软件包开始介绍。 最后检查字数是否符合要求，并确保信息准确无误。 Janble开发的RDF-J/ECM-J SYSTEM包含两个程序：RDF-J用于无线电定位，利用HackRF无线电设备实现TDoA和信号强度定位；ECM-J用于电子干扰。该软件非开源，需谨慎使用。

真诚推荐！

好，我需要帮用户总结这篇文章的内容，控制在100字以内。首先，看看文章主要讲了什么。Anthropic是一家人工智能实验室，和美国国防部有矛盾。国防部因为Anthropic不愿意让步，就把他们列为供应链风险企业。参议员沃伦批评国防部的决定是报复行为，认为他们应该直接终止合同，而不是这样做。沃伦还担心国防部在没有足够保障的情况下使用监控工具和自主武器。 接下来，我需要把这些要点浓缩成一句话。要确保包含主要人物、事件和关键点。比如：Anthropic拒绝军方使用其AI技术，导致被国防部列为供应链风险企业；参议员沃伦批评国防部的行为是报复，并担心监控和自主武器的问题。 再检查一下字数，确保不超过100字。可能需要调整句子结构，去掉不必要的细节。比如，“上个月”可以省略，“指定为供应链风险企业”可以简化为“列为供应链风险企业”。 最后，整合成一个流畅的句子：Anthropic因拒绝军方使用其AI技术被国防部列为供应链风险企业，引发参议员沃伦批评称此举为报复，并担忧军方在缺乏保障情况下使用监控工具及自主武器。 这样应该符合用户的要求了。 Anthropic因拒绝军方使用其AI技术被国防部列为供应链风险企业，引发参议员沃伦批评称此举为报复，并担忧军方在缺乏保障情况下使用监控工具及自主武器。

A vulnerability labeled as problematic has been found in code-projects Exam Form Submission 1.0. This vulnerability affects unknown code of the file /admin/update_s6.php. Executing a manipulation of the argument sname can lead to cross site scripting. This vulnerability is tracked as CVE-2026-4595. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as problematic has been reported in strongSwan up to 6.0.4. Affected by this issue is some unknown functionality of the component TTLS AVP Parser. This manipulation of the argument length causes integer underflow. This vulnerability appears as CVE-2026-25075. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability marked as problematic has been reported in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyers.php. The manipulation of the argument first_Name leads to cross site scripting. This vulnerability is listed as CVE-2026-4596. The attack may be initiated remotely. In addition, an exploit is available.