Aggregator
开源模型能否战胜 OpenAI?
3 weeks 5 days ago
中美两国的 AI 公司采取了不同的发布策略:中国侧重于开源权重模型,美国公司如 OpenAI 和 Anthropic 则采用闭源策略。Hugging Face 前亚太生态系统高管 Tiezhen Wang 表示,OpenAI 和 Anthropic 指责中国 AI 公司蒸馏其模型,他认为蒸馏是中性的,美国 AI 公司是通过抓取互联网上的信息训练模型,它们并非知识的创造者,却试图阻止其他人重复利用知识,有点讽刺。所有 AI 生成的内容都应该没有版权,否则拥有算力的人能滥用权力,生成各种组合内容然后对所有内容都申请版权。他发现中国公司和美国公司在最大化使用 token 上有明显差异,因为中国有很多开源权重模型,其使用成本没有美国大,因此中国互联网公司都鼓励员工最大化使用 token,鼓励员工成为 AI 原生开发者,甚至禁止他们手动完成撰写文档之类的日常工作。
China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
3 weeks 5 days ago
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS.
"The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS," ESET said in a report shared with The Hacker News. "Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP,
The Hacker News
Хакеры добрались до Ozempic. Novo Nordisk взломана — украдены данные тысяч участников испытаний
3 weeks 5 days ago
Novo Nordisk объяснила, почему кража медицинских данных – это «почти не страшно».
CVE-2026-44705 | raszi node-tmp up to 0.2.5 Temporary Directory path traversal (EUVD-2026-36264 / Nessus ID 320882)
3 weeks 5 days ago
A vulnerability identified as critical has been detected in raszi node-tmp up to 0.2.5. This issue affects some unknown processing of the component Temporary Directory Handler. Performing a manipulation results in path traversal.
This vulnerability is reported as CVE-2026-44705. The attack is possible to be carried out remotely. No exploit exists.
You should upgrade the affected component.
vuldb.com
CVE-2026-47167 | Vim up to 9.2.495 Pattern cucumber.vim stepmatch code injection (GHSA-4473-94jm-w5x9 / EUVD-2026-36280)
3 weeks 5 days ago
A vulnerability classified as critical was found in Vim up to 9.2.495. This impacts the function stepmatch of the file runtime/ftplugin/cucumber.vim of the component Pattern Handler. Such manipulation leads to code injection.
This vulnerability is uniquely identified as CVE-2026-47167. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-47162 | vim up to 9.2.494 Directory netrw.vim NetrwBookHistSave injection (GHSA-crm5-rh6j-2c7c)
3 weeks 5 days ago
A vulnerability was found in vim up to 9.2.494. It has been declared as critical. The impacted element is the function NetrwBookHistSave of the file runtime/pack/dist/opt/netrw/autoload/netrw.vim of the component Directory Handler. Executing a manipulation can lead to injection.
This vulnerability is tracked as CVE-2026-47162. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-43278 | Apple macOS up to 15.3 App symlink (EUVD-2025-210111)
3 weeks 5 days ago
A vulnerability labeled as critical has been found in Apple macOS up to 15.3. This vulnerability affects unknown code of the component App. Executing a manipulation can lead to symlink following.
This vulnerability is registered as CVE-2025-43278. The attack needs to be launched locally. No exploit is available.
The affected component should be upgraded.
vuldb.com
CVE-2025-46313 | Apple macOS up to 26.0 App information disclosure (EUVD-2025-210112)
3 weeks 5 days ago
A vulnerability classified as problematic has been found in Apple macOS up to 26.0. The affected element is an unknown function of the component App. This manipulation causes information disclosure.
This vulnerability appears as CVE-2025-46313. The attack requires local access. There is no available exploit.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-52858 | vim up to 9.2.0560 Working Directory code injection (GHSA-52mc-rq6p-rc7c / WID-SEC-2026-1759)
3 weeks 5 days ago
A vulnerability, which was classified as critical, has been found in vim up to 9.2.0560. This affects an unknown function of the component Working Directory Handler. Performing a manipulation results in code injection.
This vulnerability is known as CVE-2026-52858. Remote exploitation of the attack is possible. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-52860 | vim up to 9.2.596 Command Line exec code injection (GHSA-52mc-rq6p-rc7c)
3 weeks 5 days ago
A vulnerability, which was classified as critical, was found in vim up to 9.2.596. This impacts the function exec of the component Command Line Handler. Executing a manipulation can lead to code injection.
This vulnerability is handled as CVE-2026-52860. The attack can be executed remotely. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-52859 | vim up to 9.2.564 Command Line src/terminal.c update_snapshot out-of-bounds (GHSA-47gw-8gc3-mgcm / EUVD-2026-36283)
3 weeks 5 days ago
A vulnerability categorized as problematic has been discovered in vim up to 9.2.564. This issue affects the function update_snapshot of the file src/terminal.c of the component Command Line Handler. Executing a manipulation can lead to out-of-bounds read.
This vulnerability is tracked as CVE-2026-52859. The attack can be launched remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-53819 | OpenClaw up to 2026.5.26 untrusted search path (GHSA-8wg3-5mcm-fjq8 / EUVD-2026-36325)
3 weeks 5 days ago
A vulnerability was found in OpenClaw up to 2026.5.26. It has been declared as problematic. The affected element is an unknown function. The manipulation results in untrusted search path.
This vulnerability is known as CVE-2026-53819. Attacking locally is a requirement. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-12024 | Google Chrome up to 149.0.7827.103 DevTools cross-domain policy (ID 517086 / Nessus ID 320842)
3 weeks 5 days ago
A vulnerability was found in Google Chrome. It has been rated as problematic. This impacts an unknown function of the component DevTools. This manipulation causes permissive cross-domain policy with untrusted domains.
The identification of this vulnerability is CVE-2026-12024. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-6933 | Premmerce Dev Tools Plugin up to 2.0 on WordPress generatePluginHandler premmerce_plugin_namespace unrestricted upload (EUVD-2026-37033)
3 weeks 5 days ago
A vulnerability classified as critical was found in Premmerce Dev Tools Plugin up to 2.0 on WordPress. This affects the function generatePluginHandler. Such manipulation of the argument premmerce_plugin_namespace leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2026-6933. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-9187 | zealopensource Abandoned Contact Form 7 Plugin up to 2.2 on WordPress action__remove_abandoned authorization (EUVD-2026-37032)
3 weeks 5 days ago
A vulnerability, which was classified as critical, was found in zealopensource Abandoned Contact Form 7 Plugin up to 2.2 on WordPress. This issue affects the function action__remove_abandoned. Executing a manipulation can lead to missing authorization.
The identification of this vulnerability is CVE-2026-9187. The attack may be launched remotely. There is no exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-10780 | mohammadtanzilurrahman Static Block Plugin up to 2.2 on WordPress Shortcode static_block_content ID authorization (EUVD-2026-37034)
3 weeks 5 days ago
A vulnerability has been found in mohammadtanzilurrahman Static Block Plugin up to 2.2 on WordPress and classified as problematic. Impacted is the function static_block_content of the component Shortcode Handler. The manipulation of the argument ID leads to authorization bypass.
This vulnerability is referenced as CVE-2026-10780. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-9912 | Nokia SR Linux up to 23.10.7/24.10.5/25.7.1 Local Privilege Escalation (EUVD-2025-210165)
3 weeks 5 days ago
A vulnerability identified as problematic has been detected in Nokia SR Linux up to 23.10.7/24.10.5/25.7.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to Local Privilege Escalation.
This vulnerability is documented as CVE-2025-9912. The attack needs to be performed locally. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-8444 | WP Review Slider Pro Plugin up to 12.6.8 on WordPress AJAX Action get_results curselrevs sql injection (EUVD-2026-37040)
3 weeks 5 days ago
A vulnerability was found in WP Review Slider Pro Plugin up to 12.6.8 on WordPress. It has been rated as critical. This impacts the function get_results of the component AJAX Action Handler. Performing a manipulation of the argument curselrevs results in sql injection.
This vulnerability is cataloged as CVE-2026-8444. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-10093 | deepakkite Secure Client Portal and Private File Sharing Plugin cross site scripting (EUVD-2026-37041)
3 weeks 5 days ago
A vulnerability labeled as problematic has been found in deepakkite Secure Client Portal and Private File Sharing Plugin up to 2.1.6 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument fldr_ttl results in cross site scripting.
This vulnerability is reported as CVE-2026-10093. The attack can be launched remotely. No exploit exists.
vuldb.com