Aggregator

A vulnerability identified as critical has been detected in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. This vulnerability is handled as CVE-2026-5148. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as critical has been found in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewin_costumer.php of the component Parameter Handler. Such manipulation of the argument cos_id leads to sql injection. This vulnerability is uniquely identified as CVE-2026-5150. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. This vulnerability was named CVE-2026-5152. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability classified as problematic has been found in LibTIFF 4.3.0. Affected is an unknown function of the component tiffcp. The manipulation leads to denial of service. This vulnerability is documented as CVE-2022-0865. The attack can be initiated remotely. There is not any exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as critical was found in LibTIFF 4.3.0. This vulnerability affects the function ExtractImageSection of the file tiffcrop.c of the component TIFF Image Handler. Such manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2022-0891. The attack can be executed remotely. There is not any exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability was found in LibTIFF 4.3.0. It has been rated as problematic. The affected element is an unknown function of the component tiffcrop. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2022-0907. The attack can be initiated remotely. There is not any exploit available. It is suggested to install a patch to address this issue.

A vulnerability has been found in libcaca and classified as problematic. The impacted element is the function img2txt. This manipulation causes divide by zero. This vulnerability is registered as CVE-2022-0856. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in Kyverno 1.16.0. The impacted element is an unknown function. Such manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-4789. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as problematic has been detected in FreeRDP up to 3.24.1. Affected is the function progressive_decompress_tile_upgrade. This manipulation causes integer overflow. This vulnerability is registered as CVE-2026-33983. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, was found in FreeRDP up to 3.24.1. The affected element is the function rts_read_auth_verifier_no_checks. Such manipulation of the argument auth_length leads to reachable assertion. This vulnerability is uniquely identified as CVE-2026-33952. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability has been found in FreeRDP up to 3.24.1 and classified as problematic. The impacted element is an unknown function. Performing a manipulation results in reachable assertion. This vulnerability was named CVE-2026-33977. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in FreeRDP up to 3.24.1. It has been rated as critical. Affected by this vulnerability is the function winpr_aligned_offset_recalloc. This manipulation causes out-of-bounds read. This vulnerability is tracked as CVE-2026-33982. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mit_linktype causes stack-based buffer overflow. This vulnerability is tracked as CVE-2026-5156. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability, which was classified as problematic, was found in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument cust_id leads to cross site scripting. This vulnerability is listed as CVE-2026-5157. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in FreeRDP up to 3.24.1 and classified as critical. This affects the function resize_vbar_entry of the file libfreerdp/codec/clear.c. Executing a manipulation can lead to heap-based buffer overflow. The identification of this vulnerability is CVE-2026-33984. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

好的，我现在要帮用户总结这篇文章的内容。首先，我需要仔细阅读文章，理解其主要信息。文章讲的是微软在周一推出了一个深度研究智能体的更新，允许用户在同一研究中同时调用GPT和Claude大模型。 接下来，文章提到微软在365 Copilot的研究代理中新增了“Critique”功能。这个功能的工作流程是：GPT先进行研究并生成初稿，然后Claude按照学术评审流程对稿件的准确性、完整性和引证质量进行审查，最后生成报告回复给用户。 微软还提到未来这项功能可能双向运行，也就是Claude先写报告，GPT再进行审查和完善。根据DRACO基准测试的结果，两个模型合作的效果比单独使用一个模型要好得多。 现在我要把这些信息浓缩到100字以内，并且不需要使用特定的开头。我需要确保涵盖主要点：微软推出更新、允许同时调用两个模型、新增Critique功能、工作流程以及测试结果。 可能会这样组织句子：微软推出深度研究智能体更新，在365 Copilot中新增Critique功能，允许同时调用GPT和Claude大模型。GPT生成初稿，Claude审查并生成报告。未来可能双向运行。测试显示合作效果更佳。 检查字数是否在限制内，并确保信息准确无误。 微软推出深度研究智能体更新，在365 Copilot中新增Critique功能，允许同时调用GPT和Claude大模型。GPT生成初稿后由Claude审查并生成报告。未来可能实现双向运行。测试显示两模型合作效果更佳。

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，理解主要事件。 文章讲的是苹果公司在中国用户中误推送了一个AI功能。用户下载了9GB的模型后可以使用苹果的AI服务，但后来苹果又紧急撤回了这个功能。用户无法再下载或启用这个功能了。 接下来，我需要提取关键点：苹果误推送、AI功能、使用阿里千问模型、随后撤回。这些是主要内容。 然后，我要把这些信息浓缩成一句话，不超过100字。要确保涵盖事件的主要方面：谁（苹果）、做了什么（误推送）、结果（撤回）以及涉及的技术（阿里模型）。 最后，检查语句是否通顺，信息是否完整。确保没有遗漏重要细节，并且符合用户的格式要求。 苹果误向中国用户推送AI功能，用户下载9GB模型后可启用服务，但随后紧急撤回。该功能使用阿里巴巴千问系列模型量化版，部分用户仍可暂时使用。苹果未对此作出官方说明。

2026年3月，安全团队披露两款iOS零日漏洞利用工具包Coruna和DarkSword，这两款本属高级间谍武器的工具目前已经二手市场扩散至多个犯罪团伙，严重威胁普通用户安全。

好，我现在需要帮用户总结一篇文章的内容，控制在100字以内。用户已经给了示例，我得先看看示例是怎么处理的。用户提供的示例中，原文是关于环境异常的提示，让用户完成验证后继续访问，并有一个“去验证”的链接。总结后的结果是“当前环境异常，需完成验证后继续访问。”这样简洁明了。 接下来，我要分析用户的需求。用户希望用中文总结文章内容，控制在100字以内，并且不需要特定的开头。这意味着我需要直接描述文章内容，保持简洁。 然后，我得考虑如何提取关键信息。原文提到环境异常、验证、继续访问和一个链接。总结时要保留这些关键点：环境异常、验证、继续访问。 最后，我要确保语言简洁，不超过100字。所以，可能的总结是“当前环境异常，需完成验证后继续访问。”或者稍微调整一下结构，比如“因环境异常，请完成验证后继续访问。” 检查一下是否符合要求：没有使用特定开头，控制在100字以内，并且准确传达了原文的核心信息。 当前环境异常，请完成验证后继续访问。

A vulnerability classified as problematic has been found in Google Chrome up to 99.0.4844.50. This vulnerability affects unknown code of the component HTML Parser. Performing a manipulation results in HTML injection. This vulnerability is cataloged as CVE-2022-0801. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.