Aggregator

CVE-2026-4673 | Google Chrome up to 146.0.7680.153 WebAudio heap-based overflow (ID 485397)

VulDB Recent Entries
2 weeks 6 days ago
A vulnerability, which was classified as critical, has been found in Google Chrome. Impacted is an unknown function of the component WebAudio. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-4673. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-33517 | mantisbt Mantis Bug Tracker 2.28.0 Confirmation Message tag_delete.php tag_delete s_tag_delete_message cross site scripting (GHSA-fh48-f69w-7vmp)

VulDB Recent Entries
2 weeks 6 days ago
A vulnerability classified as problematic was found in mantisbt Mantis Bug Tracker 2.28.0. This issue affects the function tag_delete of the file tag_delete.php of the component Confirmation Message Handler. Executing a manipulation of the argument s_tag_delete_message can lead to cross site scripting. This vulnerability is handled as CVE-2026-33517. The attack can be executed remotely. There is not any exploit available. Applying a patch is advised to resolve this issue.
vuldb.com

CVE-2019-25583 | Raimersoft RarmaRadio 2.72.3 Setting Username assumed-immutable data is stored in writable memory (Exploit 46900 / EUVD-2019-19908)

Vuldb Updates
2 weeks 6 days ago
A vulnerability identified as problematic has been detected in Raimersoft RarmaRadio 2.72.3. This issue affects some unknown processing of the component Setting Handler. Performing a manipulation of the argument Username results in assumed-immutable data is stored in writable memory. This vulnerability is cataloged as CVE-2019-25583. The attack must be initiated from a local position. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-4530 | apconw Aix-DB up to 1.2.3 terminology_retriever.py Description sql injection (EUVD-2026-14262 / CNNVD-202603-4148)

Vuldb Updates
2 weeks 6 days ago
A vulnerability was found in apconw Aix-DB up to 1.2.3. It has been rated as critical. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument Description results in sql injection. This vulnerability is reported as CVE-2026-4530. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

RDF-J / ECM-J System: TDoA Signal Location Finding and Electronic Jamming with HackRF

不安全
2 weeks 6 days ago
嗯,用户让我帮忙总结一篇文章,控制在100字以内,而且不需要用“文章内容总结”之类的开头。首先,我需要仔细阅读用户提供的文章内容。 文章主要介绍了Janble开发的软件包RDF-J/ECM-J SYSTEM,包含两个程序:RDF-J和ECM-J。RDF-J用于无线电定位,使用HackRF软件无线电,支持TDoA和信号强度两种方法。ECM-J则是一个电子对抗系统,用于干扰信号,但可能涉及非法行为。 接下来,我要提取关键信息:软件名称、功能、技术细节、法律风险等。然后用简洁的语言把这些内容浓缩到100字以内。 需要注意的是,用户要求直接写描述,不使用特定开头。所以我会直接从软件包开始介绍。 最后检查字数是否符合要求,并确保信息准确无误。 Janble开发的RDF-J/ECM-J SYSTEM包含两个程序:RDF-J用于无线电定位,利用HackRF无线电设备实现TDoA和信号强度定位;ECM-J用于电子干扰。该软件非开源,需谨慎使用。

美议员称国防部封杀Anthropic是报复行为

不安全
2 weeks 6 days ago
好,我需要帮用户总结这篇文章的内容,控制在100字以内。首先,看看文章主要讲了什么。Anthropic是一家人工智能实验室,和美国国防部有矛盾。国防部因为Anthropic不愿意让步,就把他们列为供应链风险企业。参议员沃伦批评国防部的决定是报复行为,认为他们应该直接终止合同,而不是这样做。沃伦还担心国防部在没有足够保障的情况下使用监控工具和自主武器。 接下来,我需要把这些要点浓缩成一句话。要确保包含主要人物、事件和关键点。比如:Anthropic拒绝军方使用其AI技术,导致被国防部列为供应链风险企业;参议员沃伦批评国防部的行为是报复,并担心监控和自主武器的问题。 再检查一下字数,确保不超过100字。可能需要调整句子结构,去掉不必要的细节。比如,“上个月”可以省略,“指定为供应链风险企业”可以简化为“列为供应链风险企业”。 最后,整合成一个流畅的句子:Anthropic因拒绝军方使用其AI技术被国防部列为供应链风险企业,引发参议员沃伦批评称此举为报复,并担忧军方在缺乏保障情况下使用监控工具及自主武器。 这样应该符合用户的要求了。 Anthropic因拒绝军方使用其AI技术被国防部列为供应链风险企业,引发参议员沃伦批评称此举为报复,并担忧军方在缺乏保障情况下使用监控工具及自主武器。

CVE-2026-4595 | code-projects Exam Form Submission 1.0 /admin/update_s6.php sname cross site scripting (EUVD-2026-14510)

Vuldb Updates
2 weeks 6 days ago
A vulnerability labeled as problematic has been found in code-projects Exam Form Submission 1.0. This vulnerability affects unknown code of the file /admin/update_s6.php. Executing a manipulation of the argument sname can lead to cross site scripting. This vulnerability is tracked as CVE-2026-4595. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com

CVE-2026-25075 | strongSwan up to 6.0.4 TTLS AVP Parser length integer underflow (EUVD-2026-14477)

Vuldb Updates
2 weeks 6 days ago
A vulnerability marked as problematic has been reported in strongSwan up to 6.0.4. Affected by this issue is some unknown functionality of the component TTLS AVP Parser. This manipulation of the argument length causes integer underflow. This vulnerability appears as CVE-2026-25075. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-4596 | projectworlds Lawyer Management System 1.0 /lawyers.php first_Name cross site scripting (EUVD-2026-14527)

Vuldb Updates
2 weeks 6 days ago
A vulnerability marked as problematic has been reported in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyers.php. The manipulation of the argument first_Name leads to cross site scripting. This vulnerability is listed as CVE-2026-4596. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2026-4597 | 648540858 wvp-GB28181-pro up to 2.7.4 Stream Proxy Query StreamProxyProvider.java selectAll sql injection (EUVD-2026-14549)

Vuldb Updates
2 weeks 6 days ago
A vulnerability described as critical has been identified in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection. This vulnerability is cataloged as CVE-2026-4597. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-4612 | itsourcecode Free Hotel Reservation System 1.0 Parameter index.php?view=edit&id=8 account_id sql injection (EUVD-2026-14604)

Vuldb Updates
2 weeks 6 days ago
A vulnerability marked as critical has been reported in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument account_id leads to sql injection. This vulnerability is referenced as CVE-2026-4612. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

网络安全必须跟上人工智能发展的步伐

不安全
2 weeks 6 days ago
好,我现在需要帮用户总结一篇文章的内容,控制在100字以内,而且不需要特定的开头。用户给的原文看起来像是一个提示信息,内容是关于环境异常,完成验证后可以继续访问,并有一个“去验证”的链接。 首先,我需要理解原文的意思。原文提到当前环境异常,用户需要完成验证才能继续访问。这可能是一个安全措施,比如检测到可疑活动后要求验证身份。 接下来,我要将这个信息浓缩成一句话。重点包括环境异常、验证、继续访问以及提供的链接。所以,我可能会写:“当前环境出现异常,需完成验证后方可继续访问,请点击‘去验证’进行操作。” 然后检查一下字数是否在100字以内,并且没有使用不需要的开头。这样应该符合用户的要求了。 当前环境出现异常,需完成验证后方可继续访问,请点击“去验证”进行操作。

Hacker walks away with $24.5 million after breaching Resolv DeFi platform

不安全
2 weeks 6 days ago
嗯,用户让我用中文总结一下这篇文章,控制在100字以内,而且不需要用“文章内容总结”之类的开头。好的,我先看看文章讲的是什么。 文章主要讲的是去中心化金融平台Resolv遭受了网络攻击,导致价值8000万美元的USR稳定币被非法创建。USR原本是与美元挂钩的,但这次攻击后,它的价值暴跌到26美分。攻击者利用了一个被窃取的私钥,创建了大量没有抵押的USR,并用这些代币换取了以太坊。 Resolv公司正在追踪这些非法代币,并威胁要与交易所合作限制这些资产。他们还联系了执法部门和区块链分析公司,并可能采取法律行动。此外,Chainalysis分析指出,这次攻击是因为过度信任链下基础设施,尽管Resolv通过了多次安全审计,但仍然被攻破。 现在我需要把这些信息浓缩到100字以内。重点包括:Resolv遭遇网络攻击、价值8000万美元的USR被非法创建、导致USR脱钩美元、公司采取措施应对、Chainalysis的分析结果。 再检查一下字数,确保不超过限制。可能需要删减一些细节,比如具体的金额或步骤,但保留关键点。 最终总结应该是:去中心化金融平台Resolv遭网络攻击,价值8000万美元的USR稳定币被非法创建。攻击者利用私钥生成无抵押代币并兑换以太坊。公司追踪非法资产并威胁限制交易。区块链安全公司Chainalysis指出事件因过度信任链下基础设施所致。 去中心化金融平台Resolv遭网络攻击,价值8000万美元的USR稳定币被非法创建。攻击者利用私钥生成无抵押代币并兑换以太坊。公司追踪非法资产并威胁限制交易。区块链安全公司Chainalysis指出事件因过度信任链下基础设施所致。

派早报:华为举办春季全场景新品发布会等

不安全
2 weeks 6 days ago
好的,我现在需要帮用户总结一篇关于华为春季新品发布会的文章,控制在100字以内。首先,我得通读整篇文章,了解主要发布的产品和信息。 文章开头提到华为在长沙举办了发布会,发布了多个领域的十余款新品。接下来详细介绍了手机、手表、手环、平板、显示器、智慧屏和汽车等多个产品线。每款产品都有具体的技术参数和价格信息。 我的任务是将这些信息浓缩到100字以内,同时保持内容的全面性和准确性。首先,确定主要产品类别:手机(Mate系列)、手表(WATCH Ultimate 2和GT Runner 2)、手环(手环11系列)、平板(MatePad Pro和Mini悦读版)、显示器(MateView GT)、智慧屏(Vision 6)以及鸿蒙智行的汽车系列。 然后,提取每个类别的关键点:手机的性能提升、手表的运动功能优化、手环的健康监测、平板的屏幕技术、显示器的高刷新率、智慧屏的画质提升以及汽车的续航和智能配置。 最后,整合这些要点,确保语言简洁明了,并且不使用任何开头语如“这篇文章总结了...”。这样就能在有限的字数内全面涵盖所有新品的主要信息。 华为春季全场景新品发布会发布多领域十余款新品,包括手机、手表、手环、平板、显示器及智慧屏等。其中HUAWEI Mate 80 Pro Max风驰版性能显著提升,华为畅享90系列搭载大电池与鸿蒙系统;WATCH Ultimate 2升级高尔夫功能;GT Runner 2专为跑者设计;手环11系列新增健康监测功能;MatePad Pro及Mini悦读版屏幕技术升级;Vision智慧屏6画质优化;鸿蒙智行发布多款新能源车。

RSA 2026 – AI Oozing Out of Every Pore

不安全
2 weeks 6 days ago
嗯,用户让我总结一下这篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”这样的开头。首先,我需要仔细阅读文章,抓住主要观点。 文章主要讲的是在RSA大会上,AI被吹捧得很高,但实际情况可能没那么夸张。作者提到SecureIQLab在尝试用中立的工具和报告来帮助企业和组织识别AI的真实价值。他们建议关注失败案例、具体攻击类型、区分检测和预防,以及要求第三方评估。 接下来,我需要把这些要点浓缩成一句话,不超过100字。要确保涵盖关键点:RSA大会的AI炒作、SecureIQLab的工具和报告、以及他们建议的具体方法。 最后,检查一下语言是否简洁明了,没有使用复杂的术语,确保读者能快速理解主要内容。 RSA大会充斥着AI炒作,SecureIQLab提供中立工具和报告帮助企业识别真实价值。建议关注失败案例、具体攻击类型、区分检测与预防,并要求第三方评估以避免虚假宣传。

Managed ad