Aggregator

腾讯云安全公布近期安全漏洞清单,建议自查更新,防入侵保业务安全

A vulnerability was found in Tenda AC8 up to 16.03.50.11. It has been rated as critical. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based buffer overflow. This vulnerability is handled as CVE-2026-4254. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Tenda AC8 16.03.50.11. It has been declared as critical. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. This vulnerability is known as CVE-2026-4253. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in Tenda AC8 16.03.50.11. It has been classified as critical. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. This vulnerability is traded as CVE-2026-4252. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

好，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，理解它的主要观点。 文章主要讲的是OpenClaw这个AI工具，它不仅能聊天，还能操作电脑。作者通过一个实际案例展示了它的功能：将图片转换为Word文档。这个过程用了Python程序，没有上传图片到大模型，这和豆包等工具不同。最后提到AI的竞争不仅仅是模型强弱，而是如何将能干活的AI集成到各种工具中。 接下来，我需要提炼这些信息。重点包括OpenClaw的功能、案例说明、与其他工具的区别以及竞争趋势。然后用简洁的语言把这些点连贯地表达出来。 可能的结构是：先介绍OpenClaw的功能，然后用案例说明其优势，接着比较其他工具的不同之处，最后总结竞争趋势。 现在开始组织语言： “文章介绍了一款名为OpenClaw的AI工具，它不仅能够进行智能对话，还具备操作电脑的能力。通过一个实际案例展示了其将图片转换为Word文档的功能，并与其他类似工具如豆包进行了对比。指出AI的竞争已从模型能力转向如何将实用功能嵌入日常应用中。” 检查字数是否在100字以内，并确保内容准确传达了原文的核心信息。 文章介绍了一款名为OpenClaw的AI工具，它不仅能够进行智能对话，还具备操作电脑的能力。通过一个实际案例展示了其将图片转换为Word文档的功能，并与其他类似工具如豆包进行了对比。指出AI的竞争已从模型能力转向如何将实用功能嵌入日常应用中。

Submit #771773 / VDB-351212

Submit #771771 / VDB-351211

A vulnerability has been found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android and classified as problematic. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected storage of credentials. This vulnerability is reported as CVE-2026-4250. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #771759 / VDB-351210

A vulnerability was found in CityData CityChat up to 0.12.6 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutter_assets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storage of credentials. This vulnerability appears as CVE-2026-4251. The attack requires local access. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

好的，我现在需要帮用户总结一篇文章，控制在100字以内。用户给的原文是关于Cyble公司的介绍。首先，我得通读一下原文，抓住关键点。 文章开头提到Cyble用智能驱动的AI原生统一控制面板来填补网络安全防御缺口。接着说他们是全球政府、企业和安全团队信赖的力量。然后提到他们有无与伦比的可见性、实时情报和为规模构建的平台，不仅跟上威胁，还能领先一步，让用户有信心前进。 接下来，我要把这些信息浓缩到100字以内。首先确定主要元素：公司名称、核心技术（智能驱动AI）、目标（填补防御缺口）、服务对象（政府、企业）、优势（实时情报、平台规模）和效果（领先威胁）。 然后组织语言，确保简洁明了。可能的结构是先介绍公司和核心技术，然后说明服务对象和优势，最后点出效果。比如：“Cyble通过智能驱动的AI原生平台填补网络安全防御缺口，为全球政府、企业和安全团队提供实时情报和大规模解决方案，帮助用户领先威胁并增强信心。” 检查字数是否在限制内，并确保没有使用“文章内容总结”之类的开头。最后确认语句通顺，信息完整。 Cyble通过智能驱动的AI原生平台填补网络安全防御缺口，为全球政府、企业和安全团队提供实时情报和大规模解决方案，帮助用户领先威胁并增强信心。

A vulnerability has been found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android and classified as problematic. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected storage of credentials. This vulnerability is reported as CVE-2026-4250. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

根据发表在《Archives of Sexual Behavior》期刊上的一项研究，AI 生成的女性裸照的性吸引力高于真人照片。研究人员在捷克招募了 649 名异性恋成年人，参与者主要为男性，女性为 45 人。研究人员向他们展示了六种不同类型的图像，包括真实女性的照片、计算机生成的人像、AI 生成的人像、经过整形手术的真实女性、硅胶性爱娃娃和成人动漫图像。参与者对每张图像的真实性、性吸引力和审美进行评分。结果显示，虽然 AI 生成的图像在真实性上低于真人照片，但在审美吸引力和性吸引力上都最高。

Submit #771436 / VDB-351209

A vulnerability, which was classified as critical, has been found in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. This vulnerability is listed as CVE-2026-3965. The attack may be initiated remotely. In addition, an exploit is available. It is advisable to upgrade the affected component. The code maintainer was informed beforehand about the issues. He reacted very fast and highly professional.

Submit #771435 / VDB-351208

Злоумышленники мастерски освоили искусство торговать пустотой.

【嘶吼安全动态】3·15晚会丨AI大模型被“投毒”？

网络安全，关乎每个人。保持警惕，理性使用AI工具。