Aggregator
因造谣霸王茶姬涉毒“马督工”疑似被捕
4 months ago
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。首先,我得仔细阅读用户提供的文章内容。文章主要讲的是上海公安局打击涉企网络谣言,典型案例包括任某造谣霸王茶姬“涉毒”的案件。任某谎称该品牌茶饮中的咖啡因是“准毒品”,已经被采取刑事措施。网传任某是自媒体人任冲昊,曾是观察者网的总编辑,两个月前在知乎发帖称某品牌茶饮是“准毒品”。
接下来,我要提取关键信息:上海公安局、打击涉企网络谣言、典型案例、任某造谣霸王茶姬涉毒、咖啡因被称准毒品、依法采取刑事措施、任冲昊的身份和之前的言论。
然后,我需要将这些信息浓缩到100字以内,确保涵盖所有重要点。要注意用词简洁,避免重复。比如,“犯罪嫌疑人”可以简化为“男子”,“已被依法采取刑事强制措施”可以改为“被采取刑事强制措施”。
最后,组织语言,确保流畅自然。例如:“上海警方通报一起涉企网络谣言典型案例:男子任某因谎称霸王茶姬茶饮含‘准毒品’咖啡因而被采取刑事强制措施。据悉,任某为自媒体人任冲昊,曾任职观察者网总编辑。”
这样既涵盖了所有关键信息,又符合字数要求。
上海警方通报一起涉企网络谣言典型案例:男子任某因谎称霸王茶姬茶饮含"准毒品"咖啡因而被采取刑事强制措施。据悉,任某为自媒体人任冲昊,曾任职观察者网总编辑。
【重磅发布】2025年度软件供应链投毒风险研究报告
4 months ago
预约直播,深入聊聊《2025年度软件供应链投毒风险研究报告》
CVE-2026-3200 | z-9527 admin 1.0/2.0 user.js checkName/register/login/getUser/getUsers sql injection
4 months ago
A vulnerability marked as critical has been reported in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection.
This vulnerability is documented as CVE-2026-3200. The attack can be initiated remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-26984 | aces Loris up to 26.0.4/27.0.1 Media path traversal (GHSA-mpgc-c48m-6v2h)
4 months ago
A vulnerability labeled as critical has been found in aces Loris up to 26.0.4/27.0.1. This impacts an unknown function of the component Media Module. Such manipulation leads to path traversal.
This vulnerability is referenced as CVE-2026-26984. It is possible to launch the attack remotely. No exploit is available.
The affected component should be upgraded.
vuldb.com
CVE-2026-27819 | go-vikunja up to 1.x ZIP restore.go restoreConfig path traversal (GHSA-42wg-38gx-85rh)
4 months ago
A vulnerability, which was classified as critical, has been found in go-vikunja vikunja up to 1.x. This vulnerability affects the function restoreConfig of the file vikunja/pkg/modules/dump/restore.go of the component ZIP Handler. This manipulation causes path traversal.
This vulnerability is registered as CVE-2026-27819. Remote exploitation of the attack is possible. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-27575 | go-vikunja up to 1.x weak password (GHSA-3ccg-x393-96v8)
4 months ago
A vulnerability marked as critical has been reported in go-vikunja vikunja up to 1.x. Impacted is an unknown function. This manipulation causes weak password requirements.
The identification of this vulnerability is CVE-2026-27575. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-26985 | aces Loris up to 26.0.4/27.0.1 electrophysiogy_browser path traversal (GHSA-g3pp-rqvq-xxhp)
4 months ago
A vulnerability described as critical has been identified in aces Loris up to 26.0.4/27.0.1. The affected element is the function electrophysiogy_browser. Such manipulation leads to path traversal.
This vulnerability is referenced as CVE-2026-26985. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-27116 | go-vikunja up to 1.x Projects cross site scripting (GHSA-4qgr-4h56-8895)
4 months ago
A vulnerability classified as problematic has been found in go-vikunja vikunja up to 1.x. The impacted element is an unknown function of the component Projects Module. Performing a manipulation results in cross site scripting.
This vulnerability is identified as CVE-2026-27116. The attack can be initiated remotely. There is not any exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-27148 | storybookjs storybook up to 7.6.22/8.6.16/9.1.18/10.2.9 WebSocket Message componentFilePath injection (GHSA-mjf5-7g4m-gx5w)
4 months ago
A vulnerability labeled as problematic has been found in storybookjs storybook up to 7.6.22/8.6.16/9.1.18/10.2.9. Affected is an unknown function of the component WebSocket Message Handler. Executing a manipulation of the argument componentFilePath can lead to injection.
This vulnerability is handled as CVE-2026-27148. The attack can be executed remotely. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-27616 | go-vikunja up to 1.x SVG File Parser cross site scripting (GHSA-7jp5-298q-jg98)
4 months ago
A vulnerability marked as problematic has been reported in go-vikunja vikunja up to 1.x. Affected by this vulnerability is an unknown functionality of the component SVG File Parser. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2026-27616. The attack is possible to be carried out remotely. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-26955 | FreeRDP up to 3.22.x gdi_SurfaceCommand_ClearCodec out-of-bounds write (GHSA-mr6w-ch7c-mqqj / Nessus ID 299994)
4 months ago
A vulnerability marked as critical has been reported in FreeRDP up to 3.22.x. Affected is the function gdi_SurfaceCommand_ClearCodec. Performing a manipulation results in out-of-bounds write.
This vulnerability is identified as CVE-2026-26955. The attack can be initiated remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-26986 | FreeRDP up to 3.22.x rail_window_free xfAppWindow use after free (GHSA-crqx-g6x5-rx47 / Nessus ID 299997)
4 months ago
A vulnerability classified as critical was found in FreeRDP up to 3.22.x. This affects the function rail_window_free. The manipulation of the argument xfAppWindow results in use after free.
This vulnerability is cataloged as CVE-2026-26986. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-27015 | FreeRDP up to 3.22.x smartcard_pack.c smartcard_unpack_read_size_align assertion (GHSA-7g72-39pq-4725 / WID-SEC-2026-0514)
4 months ago
A vulnerability classified as critical was found in FreeRDP up to 3.22.x. Impacted is the function smartcard_unpack_read_size_align of the file libfreerdp/utils/smartcard_pack.c. Such manipulation leads to reachable assertion.
This vulnerability is listed as CVE-2026-27015. The attack may be performed from remote. There is no available exploit.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-26965 | FreeRDP up to 3.22.x planar_decompress_plane_rle out-of-bounds write (GHSA-5vgf-mw4f-r33h / Nessus ID 299995)
4 months ago
A vulnerability labeled as critical has been found in FreeRDP up to 3.22.x. This issue affects the function planar_decompress_plane_rle. The manipulation results in out-of-bounds write.
This vulnerability was named CVE-2026-26965. The attack may be performed from remote. There is no available exploit.
The affected component should be upgraded.
vuldb.com
Телефон оппозиционера заразили шпионским ПО. Создателя ПО осудили. Тех, кто нажал на кнопку, — нет
4 months ago
Рассказываем, к чему приводит чрезмерный интерес к чужим секретам.
HI
4 months ago
好,我现在要帮用户总结这篇文章的内容。用户的要求是用中文总结,控制在100字以内,不需要特定的开头,直接写描述即可。
首先,我需要仔细阅读用户提供的文章内容。看起来这篇文章来自Reddit的HowToHack版块,一个用户发帖求助。她的TikTok账号被一个叫maria_.fernandez0的假账号恶意攻击。她请求帮助获取这个假账号的IP地址、Gmail或其他个人信息。
接下来,我要提取关键信息:假TikTok账号、用于网络欺凌、请求IP地址或个人信息。然后,我需要把这些信息浓缩成一句话,不超过100字。
可能会遇到的问题是信息太多,需要精简。例如,“恶意攻击”可以简化为“用于网络欺凌”。同时,确保不遗漏主要点:求助对象、问题来源、请求内容。
最后,组织语言,确保流畅自然。例如:“用户在Reddit寻求帮助,要求获取一个用于网络欺凌的假TikTok账户(maria_.fernandez0)的IP地址或其他个人信息。”这样既简洁又全面。
用户在Reddit寻求帮助,要求获取一个用于网络欺凌的假TikTok账户(maria_.fernandez0)的IP地址或其他个人信息。
CVE-2026-2293 | nest.js 11.1.13 Fastify Path-Normalization authorization (EUVD-2026-9034)
4 months ago
A vulnerability classified as problematic has been found in nest.js 11.1.13. The impacted element is an unknown function of the component Fastify Path-Normalization. The manipulation leads to incorrect authorization.
This vulnerability is traded as CVE-2026-2293. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-27751 | Shenzhen Hongyavision Technology SODOLA SL902-SWTGW124AS up to 200.1.20 Management Interface default credentials (EUVD-2026-9040)
4 months ago
A vulnerability was found in Shenzhen Hongyavision Technology SODOLA SL902-SWTGW124AS up to 200.1.20. It has been rated as very critical. The impacted element is an unknown function of the component Management Interface. Performing a manipulation results in use of default credentials.
This vulnerability is identified as CVE-2026-27751. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-27752 | Shenzhen Hongyavision Technology SODOLA SL902-SWTGW124AS up to 200.1.20 Network Traffic cleartext transmission (EUVD-2026-9041)
4 months ago
A vulnerability categorized as problematic has been discovered in Shenzhen Hongyavision Technology SODOLA SL902-SWTGW124AS up to 200.1.20. This affects an unknown function of the component Network Traffic Handler. Executing a manipulation can lead to cleartext transmission of sensitive information.
This vulnerability is tracked as CVE-2026-27752. The attack can be launched remotely. No exploit exists.
vuldb.com