Aggregator

CVE-2026-33231 | NLTK up to 3.9.3 nltk.app.wordnet_app missing authentication (GHSA-jm6w-m3j8-898g / Nessus ID 303260)

Vuldb Updates
1 week 4 days ago
A vulnerability was found in NLTK up to 3.9.3. It has been declared as critical. Affected by this issue is the function nltk.app.wordnet_app. Such manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2026-33231. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.
vuldb.com

CVE-2026-33203 | SiYuan up to 3.6.1 Incoming Message auth keepalive uncaught exception (GHSA-3g9h-9hp4-654v)

Vuldb Updates
1 week 4 days ago
A vulnerability classified as problematic was found in SiYuan up to 3.6.1. Affected by this issue is some unknown functionality of the component Incoming Message Handler. The manipulation of the argument auth keepalive results in uncaught exception. This vulnerability is cataloged as CVE-2026-33203. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-33230 | NLTK up to 3.9.3 nltk.app.wordnet_app cross site scripting (GHSA-gfwx-w7gr-fvh7 / Nessus ID 303268)

Vuldb Updates
1 week 4 days ago
A vulnerability, which was classified as problematic, has been found in NLTK up to 3.9.3. This affects the function nltk.app.wordnet_app. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2026-33230. Remote exploitation of the attack is possible. No exploit is available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2026-33226 | budibase up to 3.30.6 /api/queries/preview server-side request forgery (GHSA-4647-wpjq-hh7f)

Vuldb Updates
1 week 4 days ago
A vulnerability identified as critical has been detected in budibase up to 3.30.6. Affected is an unknown function of the file /api/queries/preview. Performing a manipulation results in server-side request forgery. This vulnerability was named CVE-2026-33226. The attack may be initiated remotely. There is no available exploit. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2026-33221 | Nhost up to 0.11.x Storage Service data authenticity (GHSA-g9f6-9775-hffm)

Vuldb Updates
1 week 4 days ago
A vulnerability labeled as problematic has been found in Nhost up to 0.11.x. Affected by this vulnerability is an unknown functionality of the component Storage Service. Executing a manipulation can lead to insufficient verification of data authenticity. The identification of this vulnerability is CVE-2026-33221. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-33228 | WebReflection flatted up to 3.4.1 JSON Parser parse prototype pollution (GHSA-rf6f-7fwh-wjgh / Nessus ID 303264)

Vuldb Updates
1 week 4 days ago
A vulnerability classified as critical was found in WebReflection flatted up to 3.4.1. Affected is the function parse of the component JSON Parser. The manipulation results in improperly controlled modification of object prototype attributes. This vulnerability is identified as CVE-2026-33228. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-33209 | avo-hq avo up to 3.30.2 return_to cross site scripting (GHSA-762r-27w2-q22j)

Vuldb Updates
1 week 4 days ago
A vulnerability was found in avo-hq avo up to 3.30.2. It has been classified as problematic. This issue affects some unknown processing. The manipulation of the argument return_to leads to cross site scripting. This vulnerability is documented as CVE-2026-33209. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-33243 | barebox up to 2025.09.2/2026.03.0 data authenticity (GHSA-3fvj-q26p-j6h4)

Vuldb Updates
1 week 4 days ago
A vulnerability was found in barebox up to 2025.09.2/2026.03.0. It has been declared as critical. Impacted is an unknown function. The manipulation results in insufficient verification of data authenticity. This vulnerability is reported as CVE-2026-33243. The attack requires a local approach. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

China-linked Red Menshen using BPFdoor kernel backdoor in telecom networks

不安全
1 week 4 days ago
嗯,用户让我帮忙总结一下这篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。 首先,我需要仔细阅读文章内容。文章主要讲的是Backdoor这个后门程序,它在内核级别运行,使用BPF被动检查流量,并在特定的数据包触发时启动。这样做的好处是不需要暴露端口或典型的C2指示器。 接下来,文章提到这种技术允许长期的持续性和隐蔽访问核心网络基础设施,而且从标准监控中很难发现。这说明它的隐蔽性和持久性很强。 然后,文章指出这是一个网络层后门设计的有趣案例,而不是传统的用户空间植入。这意味着它不同于常见的后门技术,可能更难以检测和防御。 现在,我需要将这些信息浓缩到一百个字以内。要确保涵盖主要点:内核级后门、BPF技术、被动检查流量、特定数据包触发、避免暴露端口和C2指标、长期持续性、隐蔽访问、标准监控难发现、网络层设计而非用户空间。 可能的结构是先说明Backdoor的工作机制和优势,然后提到其效果和独特性。例如:“Backdoor是一种内核级后门,利用BPF被动检查流量并在特定数据包触发时启动。它避免了暴露端口或典型C2指标,允许长期持续性和隐蔽访问核心网络基础设施,并且难以被标准监控发现。” 这样大约在100字左右。 检查一下是否遗漏了关键点:内核级、BPF、被动检查、特定数据包触发、避免暴露端口和C2指标、长期持续性、隐蔽访问、标准监控难发现、网络层设计而非用户空间。看起来都涵盖了。 最后,确保语言简洁明了,没有使用复杂的术语,让读者容易理解。 Backdoor是一种内核级后门技术,利用BPF被动检查网络流量并在特定数据包触发时启动,避免暴露端口或典型C2指标,实现长期持续性和隐蔽访问核心网络基础设施,且难以被标准监控发现。

荷兰法院禁止XAI的Grok进行非自愿脱衣行为

不安全
1 week 4 days ago
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。首先,我得仔细阅读文章,抓住主要信息。 文章讲的是荷兰法院禁止马斯克旗下的xAI公司使用Grok工具生成和传播未经许可的人物裸露图像。去年12月和今年1月,X用户利用Grok创建并发布了未成年人和女性的裸露图像,这违反了公司的使用政策。随后,xAI限制了该功能。欧盟也在草案中禁止AI生成非自愿的图片和视频,可能今年晚些时候成为法律。 接下来,我需要将这些信息浓缩到100字以内。要确保包含主要事件:荷兰法院的裁决、xAI被禁止的行为、事件的时间点、以及欧盟的相关措施。 然后,我要组织语言,使其简洁明了。比如:“荷兰法院禁止马斯克旗下xAI在未经许可的情况下生成和传播人物裸露图像。此前有用户利用其Grok工具制作并发布未成年人和女性的裸露内容,引发抗议后xAI限制该功能。欧盟计划禁止AI生成非自愿图片和视频。” 这样刚好在100字左右,并且涵盖了所有关键点。 最后,检查一下是否有遗漏的重要信息,并确保语句通顺、准确。 荷兰法院禁止马斯克旗下xAI在未经许可的情况下生成和传播人物裸露图像。此前有用户利用其Grok工具制作并发布未成年人和女性的裸露内容,引发抗议后xAI限制该功能。欧盟计划禁止AI生成非自愿图片和视频。

微软调整Windows NT内核使用超过20年的签名信任政策 可能会产生兼容性问题

不安全
1 week 4 days ago
嗯,用户让我帮忙总结一下这篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”之类的开头。直接写描述就行。 首先,我得仔细阅读文章内容。文章主要讲的是微软从4月起停止信任旧版驱动程序,只信任WHCP签名的驱动。这可能带来兼容性问题,但会提高系统稳定性和安全性。影响包括老旧硬件无法使用,企业设备可能受影响。微软还提供了豁免政策,比如允许列表、评估模式和企业控制功能。 接下来,我需要把这些要点浓缩到100字以内。要确保涵盖主要信息:微软的政策变化、时间、影响、WHCP签名、兼容性问题以及微软提供的解决方案。 然后,组织语言,确保简洁明了。比如:“微软将从4月起停止信任旧版驱动程序,仅允许WHCP签名的驱动运行,可能导致老旧硬件和企业设备兼容性问题。为提高系统稳定性和安全性,微软提供允许列表、评估模式和企业控制功能作为豁免。” 这样刚好在100字左右。 最后,检查一下是否符合用户的要求:没有使用特定开头,内容准确,字数合适。 微软将从4月起停止信任旧版驱动程序,仅允许WHCP签名的驱动运行,可能导致老旧硬件和企业设备兼容性问题。为提高系统稳定性和安全性,微软提供允许列表、评估模式和企业控制功能作为豁免。

ZDI-CAN-29793: TrendAI

ZDI: Upcoming Advisories
1 week 4 days ago
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2026-03-27, 11 days ago. The vendor is given until 2026-07-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-29910: TrendAI

ZDI: Upcoming Advisories
1 week 4 days ago
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2026-03-27, 11 days ago. The vendor is given until 2026-07-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

中央网信办召开全国网络举报工作会议;Google停止接受AI生成的漏洞报告,投资千万美元改善开源安全| 牛览

不安全
1 week 4 days ago
好的,用户希望我总结一篇文章的内容,控制在100字以内,而且不需要特定的开头。首先,我需要理解文章的主题。看起来文章是关于环境异常的提示,可能是在访问某个系统或网站时遇到的问题。 用户提到“环境异常”,这可能指的是网络环境、服务器状态或者其他技术问题。接着,文章建议完成验证后可以继续访问,这意味着用户需要进行某种身份验证或安全检查才能恢复访问。 用户的深层需求可能是快速了解问题所在以及解决方法。因此,在总结时,我需要简洁明了地表达出问题和解决方案。考虑到字数限制,我要确保用词精准,避免冗余。 最后,我会组织语言,确保在100字以内准确传达信息:当前环境异常,完成验证后可继续访问。 当前环境异常,完成验证后即可继续访问。

在智能体人工智能时代构建信任——微软RSAC 2026演讲解读:如何用信任解锁AI潜力

不安全
1 week 4 days ago
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。用户给的文章标题是“环境异常”,内容提到当前环境异常,完成验证后可以继续访问,并有一个“去验证”的按钮。看起来这篇文章主要是在通知用户遇到了环境问题,需要进行验证才能继续使用。 首先,我要确定文章的核心信息:环境异常、需要验证、继续访问。接下来,我需要用简洁的语言把这些信息整合起来。要注意不要使用“文章内容总结”这样的开头,直接描述即可。 可能的表达方式:“当前环境出现异常,需完成验证后方可继续访问。”这样既涵盖了主要信息,又符合字数要求。检查一下是否还有更简洁的方式,比如“环境异常需验证后继续访问。”但这样可能不够清晰。所以还是用前一个句子比较合适。 最后,确保没有遗漏重要信息,并且表达准确。这样用户的请求就能得到满足了。 当前环境出现异常,需完成验证后方可继续访问。

Managed ad