Aggregator
Telegram has turned the Login Widget into a universal key. Sign-in, phone number and communication channel, all in one button
1 month 3 weeks ago
The end of the era of verification SMS?
CVE-2026-6587 | vibrantlabsai RAGAS up to 0.4.3 Collections util.py _try_process_local_file/_try_process_url retrieved_contexts server-side request forgery (EUVD-2026-23727)
1 month 3 weeks ago
A vulnerability has been found in vibrantlabsai RAGAS up to 0.4.3 and classified as critical. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_modal_faithfulness/util.py of the component Collections Module. Performing a manipulation of the argument retrieved_contexts results in server-side request forgery.
This vulnerability is identified as CVE-2026-6587. The attack can be initiated remotely. Additionally, an exploit exists.
The security patch for CVE-2025-45691 was applied to a different module only. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #791088: Exploding Gradients ragas latest (commit 2b38724) Path Traversal / Server-Side Request Forgery (CWE-22 / CWE-918) [Accepted]
1 month 3 weeks ago
Submit #791088 / VDB-358222
Eric-y
CVE-2026-6586 | TransformerOptimus SuperAGI up to 0.0.14 Budget Endpoint budget.py get_budget/update_budget authorization (EUVD-2026-23726)
1 month 3 weeks ago
A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Manipulation of this endpoint leads to authorization bypass.
This vulnerability is referenced as CVE-2026-6586. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-6585 | TransformerOptimus SuperAGI up to 0.0.14 Organisation Update Endpoint organisation.py update_organisation organisation_id authorization (EUVD-2026-23723)
1 month 3 weeks ago
A vulnerability, which was classified as problematic, has been found in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. Manipulation of the argument organisation_id causes authorization bypass.
The identification of this vulnerability is CVE-2026-6585. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-6584 | TransformerOptimus SuperAGI up to 0.0.14 User Update Endpoint user.py update_user user_id authorization (EUVD-2026-23721)
1 month 3 weeks ago
A vulnerability classified as problematic was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass.
This vulnerability was named CVE-2026-6584. The attack may be performed remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-6583 | TransformerOptimus SuperAGI up to 0.0.14 API Key Management Endpoint api_key.py delete_api_key/edit_api_key authorization (EUVD-2026-23719)
1 month 3 weeks ago
A vulnerability classified as problematic has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass.
This vulnerability is uniquely identified as CVE-2026-6583. The attack can be carried out remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-6582 | TransformerOptimus SuperAGI up to 0.0.14 Vector Database Management Endpoint vector_dbs.py missing authentication (EUVD-2026-23717)
1 month 3 weeks ago
A vulnerability described as critical has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details/update_vector_db/delete_vector_db of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. These functions can be reached without authentication (missing authentication).
This vulnerability is handled as CVE-2026-6582. The attack can be executed remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #791077: SuperAGI up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639) [Accepted]
1 month 3 weeks ago
Submit #791077 / VDB-358221
Eric-z
Submit #791076: SuperAGI up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639) [Accepted]
1 month 3 weeks ago
Submit #791076 / VDB-358220
Eric-z
Submit #791075: SuperAGI up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639) [Accepted]
1 month 3 weeks ago
Submit #791075 / VDB-358219
Eric-z
Submit #791074: SuperAGI SuperAGI up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639) [Accepted]
1 month 3 weeks ago
Submit #791074 / VDB-358218
Eric-z
Finished OverTheWire Bandit
1 month 3 weeks ago
Submit #791073: SuperAGI up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639) [Duplicate]
1 month 3 weeks ago
Submit #791073 / VDB-300344
Eric-z
Submit #791072: SuperAGI up to c3c1982 Missing Authentication for Critical Function (CWE-306) [Accepted]
1 month 3 weeks ago
Submit #791072 / VDB-358217
Eric-z
Submit #791071: TransformerOptimus (or SuperAGI) SuperAGI Version: <= c3c1982 Code Injection [Duplicate]
1 month 3 weeks ago
Submit #791071 / VDB-300336
Eric-z
Submit #791059: Papra HQ Papra 0.5.0 Improper Authentication [Duplicate]
1 month 3 weeks ago
Submit #791059 / VDB-355798
lakshay12311
CVE-2026-6581 | H3C Magic B1 up to 100R004 /goform/aspForm SetMobileAPInfoById param buffer overflow (EUVD-2026-23716)
1 month 3 weeks ago
A vulnerability marked as critical has been reported in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow.
This vulnerability is known as CVE-2026-6581. The attack can be exploited remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Fructose is not just a sugar; it behaves more like a hormone
1 month 3 weeks ago
According to a study published in Nature Metabolism, fructose is chemically almost identical to glucose, yet it behaves almost entirely differently: it acts more like a hormone. When sucrose and corn syrup dissolve in the mouth into glucose and fructose, the two are present in roughly equal proportions. Glucose drives insulin levels up and is taken up by cells; the liver stores what is not needed as glycogen, and any surplus glycogen is converted into fat under tight regulation. Fructose follows an entirely different metabolic route. It bypasses the most important regulatory enzyme in glycolysis, phosphofructokinase 1 (PFK1). As a result, fructose metabolism has almost no "off" switch. Fructose is not merely a calorie; it is a metabolic signal that promotes the production and storage of fat in a way quite different from glucose. Fructose tells the liver to make fat in preparation for famine. That makes sense for a bear fattening up on autumn berries, but it is not good for a human drinking soda in spring. Consumption of sugary drinks in wealthy countries has been falling for the past two decades, yet obesity rates kept rising and only slowed once GLP-1 weight-loss drugs became widespread. The researchers suspect a lag effect from drinking fructose: fructose is a slow-acting poison rather than a rapidly accumulating source of calories. Fruit contains fructose, but it also contains fiber, vitamins and other components that slow fructose absorption and blunt its effects; soda with its high concentration of fructose is another matter entirely.