Aggregator

A vulnerability has been found in parisneo lollms up to 2.1.x and classified as critical. Affected is the function get_current_active_user of the file /api/files/extract-text of the component Endpoint. This manipulation causes improper authentication. This vulnerability appears as CVE-2026-0558. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in parisneo lollms up to 2.1.x. It has been classified as critical. Affected by this issue is the function _download_image_to_temp of the file /api/files/export-content. Performing a manipulation results in server-side request forgery. This vulnerability is known as CVE-2026-0560. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in parisneo lollms up to 2.1.x. It has been declared as critical. This affects the function respond_request. Executing a manipulation can lead to incorrect authorization. This vulnerability is handled as CVE-2026-0562. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GNOME libsoup. It has been rated as problematic. The affected element is an unknown function of the component HTTP Proxy Handler. This manipulation causes cleartext transmission of sensitive information. This vulnerability is handled as CVE-2026-5119. The attack can be initiated remotely. There is not any exploit available.

好的，用户让我帮忙总结一篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述即可。 首先，我需要看看用户提供的内容。看起来这是一篇科幻故事，标题是《New Story》，发布在Astounding Stories上，日期是2026年3月30日。里面有很多标签和相关故事的链接，比如#ASTOUNDING-STORIES、#science-fiction等。 用户可能希望得到一个简洁明了的摘要，突出文章的主题和核心元素。考虑到字数限制，我需要抓住关键点：科幻元素、探索未知、勇气和冒险精神。 接下来，我应该把这些元素整合成一句话或几句话，确保不超过100字，并且直接进入描述，不使用任何开头语。 可能的结构是：介绍故事的主题，提到探索未知世界和人类的勇气与冒险精神。 最后，检查一下是否符合要求：简洁、直接、涵盖主要元素。 这篇科幻故事讲述了一个关于探索未知世界的故事，展现了人类无畏的勇气与冒险精神。

The European Commission has revealed details of a data breach impacting its AWS infrastructure

Starting April 1, 2026, the Indian government will effectively ban Chinese video surveillance giants, including Hikvision, Dahua, and TP-Link, from selling internet-connected CCTV cameras in the country. This decisive market restriction stems from new mandatory certification rules driven by national security concerns regarding foreign hardware. The Ministry of Electronics and Information Technology (MeitY) has implemented […]

The post India Set to Ban Sale of Hikvision, TP-Link, CCTV Products From April appeared first on Cyber Security News.

在“金州杀手（Golden State Killer）”变成陈年悬案四十余年后的 2018 年，一位对家族史感兴趣的女性向一家家谱公司寄去唾沫进行测序。她的 DNA 成为破案的关键。凶手是其远房亲戚，调查人员最终抓住了前警官 Joseph James DeAngelo Jr.，他在 2020 年承认了 13 项谋杀罪和 13 项绑架罪。有数以百万的人将其 DNA 样本寄送给 23andMe 和 AncestryDNA 等测序公司，以了解自己的祖先、发现健康风险或寻找失散的亲人。但 DNA 揭示的真相可能会颠覆我们对家庭和身份的理解：你可能会发现父母不是自己的生物学父母，或者兄弟姐妹之一可能不是亲兄弟姐妹。DNA 也揭示我们彼此之间比以前认为的更紧密：所有人类的最近共同祖先生活在几千年前。我们彼此之间都有血缘关系。美国人一直以隐私理由反对建立国家 DNA 数据库，但志愿性质的消费者基因检测已经创造了类似的国家数据库，由于共享 DNA，只需 1% 的测序就能让所有人人都搜索到，而美国有 7% 的人做过了测序。科学家也发现 DNA 揭示的信息仍然有限，糖尿病患病风险是 25% 还是 20% 并没有多大区别，并不意味着你是糖尿病高危人群，所以在利用基因筛选胚胎时将糖尿病患病风险从 35% 降至 30% 意义并不大。

A vulnerability classified as critical has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. This vulnerability is tracked as CVE-2026-5126. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Submit #780180 / VDB-354158

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，理解其主要内容。 文章主要讲的是Fortinet的FortiClient EMS平台存在一个严重的SQL注入漏洞（CVE-2026-21643），攻击者正在积极利用这个漏洞。这个漏洞允许未经身份验证的攻击者通过恶意HTTP请求执行任意代码或命令。虽然CISA和其他已知被利用的漏洞列表中尚未标记此漏洞为已被利用，但根据Defused的数据，攻击已经在四天前开始了。 接下来，我需要提取关键信息：漏洞名称、影响版本、攻击方式、暴露数量以及修复建议。然后将这些信息浓缩成一句话，确保不超过100字。 可能的结构是：FortiClient EMS平台存在SQL注入漏洞，允许攻击者执行任意代码；已有千余实例暴露在线；建议升级到7.4.5或更高版本修复。 现在检查字数是否在限制内，并确保信息准确无误。 FortiClient EMS平台存在SQL注入漏洞（CVE-2026-21643），允许攻击者通过恶意HTTP请求执行任意代码；已有千余实例暴露在线；建议升级到7.4.5或更高版本修复。

Дело Flint24 считается одним из самых известных кардерских дел в истории российского правосудия.

A vulnerability described as critical has been identified in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of the argument git_diff.base_ref/git_diff.files results in os command injection. This vulnerability is identified as CVE-2026-5125. The attack is only possible with local access. Additionally, an exploit exists. Upgrading the affected component is recommended.

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。用户提供了文章的标题和一些内容片段，看起来这篇文章是关于Obyte的“无中间人账本”的故事。 首先，我需要确定文章的主要主题。标题提到“无中间人”，这可能是指区块链技术或去中心化账本。接着，内容中提到了Obyte、加密货币、挖矿、投资等关键词，说明这篇文章可能是在讨论区块链技术的应用和优势。 接下来，我要提取关键信息。文章可能介绍了Obyte项目的特点，比如去中心化、无需信任的特性，以及它如何改变传统金融模式。此外，可能还提到了加密货币的趋势和投资机会。 然后，我需要将这些信息浓缩成一个简洁的句子。要确保涵盖主要点：无中间人账本、去中心化、无需信任机制、以及对金融模式的影响。 最后，检查字数是否在限制内，并确保语言流畅自然。 文章探讨了Obyte项目如何通过去中心化账本技术实现无中间人交易，强调其在加密货币和区块链领域的创新应用与潜力。

A vulnerability marked as problematic has been reported in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP Header Handler. The manipulation leads to improper access controls. This vulnerability is referenced as CVE-2026-5124. Remote exploitation of the attack is possible. No exploit is available. To fix this issue, it is recommended to deploy a patch.

A vulnerability labeled as problematic has been found in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data[1] can lead to off-by-one. The identification of this vulnerability is CVE-2026-5123. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue.

Submit #780154 / VDB-354157

A vulnerability identified as problematic has been detected in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a manipulation of the argument domainNameLen results in improper access controls. This vulnerability was named CVE-2026-5122. The attack may be initiated remotely. There is no available exploit. It is suggested to install a patch to address this issue.

Submit #780189 / VDB-354156

Submit #780179 / VDB-354155