Aggregator

A vulnerability, which was classified as critical, has been found in opensource-workshop connect-cms up to 1.41.0/2.41.0. The affected element is an unknown function. This manipulation causes code injection. This vulnerability appears as CVE-2026-32276. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in opensource-workshop connect-cms up to 1.41.0/2.41.0. The impacted element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-32277. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in opensource-workshop connect-cms up to 1.41.0/2.41.0 and classified as critical. This affects an unknown function of the component Form Plugin. Performing a manipulation of the argument File results in unrestricted upload. This vulnerability is known as CVE-2026-32278. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in aquasecurity setup-trivy, trivy-action and trivy up to 0.2.5. Impacted is an unknown function. The manipulation leads to embedded malicious code. This vulnerability is listed as CVE-2026-33634. The attack may be initiated remotely. In addition, an exploit is available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in OpenClaw up to 2026.3.6. This impacts an unknown function. Performing a manipulation results in incorrect authorization. This vulnerability is reported as CVE-2026-27183. The attack requires a local approach. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability has been found in OpenClaw up to 2026.3.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Header Validation Handler. The manipulation leads to insufficiently protected credentials. This vulnerability is traded as CVE-2026-32913. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability categorized as problematic has been discovered in OpenClaw up to 2026.3.6. Impacted is an unknown function of the file /acp. Executing a manipulation can lead to incorrect authorization. The identification of this vulnerability is CVE-2026-27646. The attack can only be executed locally. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in opensource-workshop connect-cms up to 1.41.0/2.41.0. This affects an unknown function. This manipulation causes server-side request forgery. This vulnerability is tracked as CVE-2026-32279. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in opensource-workshop connect-cms up to 1.41.0/2.41.0. This impacts an unknown function. Such manipulation leads to improper access controls. This vulnerability is listed as CVE-2026-32299. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in opensource-workshop connect-cms up to 1.41.0/2.41.0. Affected is an unknown function of the component My Page. Performing a manipulation results in improper authorization. This vulnerability is cataloged as CVE-2026-32300. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

美国科幻作家金·斯坦利·罗宾森（Kim Stanley Robinson）以火星殖民以及地球化改造的三部曲——《红火星》，《绿火星》以及《蓝火星》——著称，他的《红火星》将火星殖民之旅设定在 2026 年。罗宾森在 New Scientist 上发表文章回顾了他的《红火星》以及过去几十年对火星的更深入了解，他认为目前殖民火星是没有任何意义的。《红火星》开始创作的时间是 1989-1990 年，于 1992 年出版，35 年后罗宾森称，殖民火星比以前认为的要困难得多。火星漫游车在本世纪初发现火星表面土壤掺杂着浓度百分之一的高氯酸盐，高氯酸盐在浓度百万分之一时对人类就是有毒的，火星表面对人类剧毒无比。火星更轻的重力以及无阻挡太空辐射都会给人体造成伤害。火星更适合短期的科考而不是长期的殖民。更重要的是人类需要先解决在地球上制造的问题之后去另外一颗星球才有意义。罗宾森表示他对于任何殖民火星的言论都嗤之以鼻，亿万富翁们关于殖民火星的豪言壮语都纯属幻想。

嗯，用户让我用中文总结一篇文章，控制在100字以内，而且不需要特定的开头。首先，我需要理解文章内容。文章讲的是一个叫“汉达拉”的黑客组织入侵了FBI局长的个人邮箱，并在网上发布了相关照片和文件链接。FBI回应说信息属于历史性质，没有涉及政府机密，并悬赏1000万美元寻找线索。 接下来，我要确定用户的需求是什么。他们可能需要一个简洁明了的摘要，用于快速了解事件。用户可能不是技术专家，所以要用简单易懂的语言。 然后，我要考虑如何在100字以内涵盖所有关键点：黑客组织名称、支持方、入侵对象、发布内容、FBI回应和悬赏金额。这些信息都需要简明扼要地表达出来。 最后，确保语言流畅，没有复杂的术语，让读者一目了然地理解事件的主要内容和后果。 伊朗支持的“汉达拉”黑客组织入侵美国联邦调查局局长卡什·帕特尔的个人邮箱，并在网上发布其年轻时期照片及Gmail文件链接。FBI表示受影响信息为历史性质，不涉及政府机密，并悬赏1000万美元征集该组织线索。

Британские власти решили не ловить мелкую рыбешку, а сразу осушить весь пруд.

A vulnerability marked as very critical has been reported in Citrix NetScaler ADC and NetScaler Gateway. The impacted element is an unknown function of the component SSL VPN/ICA Proxy/CVPN/RDP Proxy. The manipulation leads to race condition. This vulnerability is documented as CVE-2026-4368. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in blinkospace blinko up to 1.8.3. This affects an unknown function of the component User Information Handler. The manipulation results in information disclosure. This vulnerability is reported as CVE-2026-23486. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as problematic was found in blinkospace blinko up to 1.8.3. Affected is an unknown function. Such manipulation leads to authorization bypass. This vulnerability is traded as CVE-2026-23487. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in blinkospace blinko up to 1.8.3. Affected by this vulnerability is an unknown functionality of the file /api/v1/comment/create of the component Post Comment Handler. Performing a manipulation results in authorization bypass. This vulnerability is known as CVE-2026-23488. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in blinkospace blinko up to 1.8.3. Affected by this issue is some unknown functionality of the component Model Context Protocol. Executing a manipulation can lead to os command injection. This vulnerability is handled as CVE-2026-23882. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability has been found in GStreamer and classified as problematic. This affects the function gst_wavparse_adtl_chunk of the component Incomplete Fix CVE-2024-47778. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2026-1940. Local access is required to approach this attack. No exploit exists. It is recommended to apply a patch to fix this issue.

A vulnerability marked as problematic has been reported in Census CSWeb up to 8.0.x. Affected is an unknown function. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2025-60948. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is suggested to upgrade the affected component.