Aggregator

Как нам услышать шепот далекой черной дыры?

OpenAI 周五宣布未来几周测试为 ChatGPT 引入广告。这家估值 5000 亿美元的初创公司正在寻找新的收入来源以资助其持续扩张，以及与 Google 和 Anthropic 等竞争对手展开竞争。广告将先在美国进行测试，将出现在免费版本和 8 美元月费 ChatGPT Go 用户的答案的底部，仅在与用户所查询问题相关时展示。Pro、Business 和 Enterprise 订阅服务都不会有广告。OpenAI 预测 2026 年的广告收入将达到数十亿美元，未来几年会更高。

安娜的档案（Anna’s Archive）过去两周先后失去了 .org 和 .se 域名。这一切发生在它抓取和公开音乐流媒体服务 Spotify 的存档之后，但没有证据表明 Spotify 与此相关。安娜的档案的麻烦还没有结束。WorldCat 私有数据库拥有者 OCLC 获得了对安娜的档案的默认判决和永久禁令。安娜的档案在两年前抓取和公开了 WorldCat 数据库。OCLC 预计会要求安娜的档案的托管服务商删除 WorldCat 数据库。暂时不清楚安娜的档案的域名问题是否与此相关。

A vulnerability classified as critical has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2026-1120. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2026-1121. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. This vulnerability appears as CVE-2026-1122. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in SourceCodester E-Learning System 1.0. It has been declared as problematic. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. This vulnerability is handled as CVE-2026-1154. The attack can be executed remotely. Additionally, an exploit exists.

Submit #735855 / VDB-341747

A vulnerability was found in technical-laohu mpay up to 1.2.4. It has been classified as problematic. This affects an unknown function. Performing a manipulation results in cross-site request forgery. This vulnerability is known as CVE-2026-1153. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in technical-laohu mpay up to 1.2.4 and classified as critical. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. This vulnerability is traded as CVE-2026-1152. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in technical-laohu mpay up to 1.2.4 and classified as problematic. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. This vulnerability appears as CVE-2026-1151. The attack may be initiated remotely. In addition, an exploit is available.

Submit #735848 / VDB-296574

A vulnerability, which was classified as critical, was found in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. This vulnerability is reported as CVE-2026-1150. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, has been found in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. This vulnerability is documented as CVE-2026-1149. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #735789 / VDB-341746

Submit #735775 / VDB-341745

Submit #735773 / VDB-341744

Submit #735696 / VDB-341743

Submit #735695 / VDB-341742

A vulnerability classified as problematic was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This vulnerability affects unknown code. Executing a manipulation can lead to cross-site request forgery. This vulnerability is registered as CVE-2026-1148. It is possible to launch the attack remotely. No exploit is available.