Aggregator

好的，我现在需要帮用户总结一篇文章，控制在100字以内。首先，我得仔细阅读用户提供的文章内容，理解其主要信息。 这篇文章是关于GPN24.de的活动邀请，主题是“Gulasch at the Scale of Chaos”，时间是2026年6月4日至7日，在Karlsruhe的HfG和ZKM举办。活动包括黑客马拉松、讲座、工作坊、音乐和美食，特别是Gulasch。活动由社区支持，需要参与者捐款才能维持运营。 接下来，我需要提取关键信息：活动名称、主题、时间地点、主要内容、参与方式（如注册和捐款）、以及活动的目标和特色。 然后，我要把这些信息浓缩成一句话，确保不超过100字。需要注意的是，开头不需要使用“文章内容总结”之类的词汇，直接描述即可。 最后，检查语言是否简洁明了，确保所有重要信息都被涵盖。 GPN24.de 是一场以“Gulasch at the Scale of Chaos”为主题的黑客马拉松与创意活动，将于2026年6月4日至7日在德国卡尔斯鲁厄的HfG和ZKM举办。参与者可共同编程、分享讲座与工作坊，并享受美食与音乐。活动由社区支持，需通过注册与捐款参与。

A vulnerability was found in AvinashBole quip-mcp-server 1.0.0. It has been declared as critical. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. This vulnerability is listed as CVE-2026-4192. The attack may be performed from remote. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #770616 / VDB-351099

A vulnerability was found in JawherKl node-api-postgres up to 2.5. It has been classified as critical. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. This vulnerability is tracked as CVE-2026-4191. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in JawherKl node-api-postgres up to 2.5 and classified as critical. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. This vulnerability is identified as CVE-2026-4190. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #770002 / VDB-351098

Submit #770001 / VDB-351097

A vulnerability has been found in zephyrproject-rtos Zephyr up to 4.3 and classified as problematic. This affects an unknown function of the file drivers/usb/device/usb_dc_stm32.c of the component stm32 USB Device Driver. The manipulation leads to infinite loop. This vulnerability is referenced as CVE-2026-4179. The attack can only be performed from a local environment. No exploit is available.

A vulnerability, which was classified as critical, was found in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The identification of this vulnerability is CVE-2026-4189. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2026-4188. The attack may be initiated remotely. In addition, an exploit is available.

Submit #769933 / VDB-351095

A vulnerability classified as critical was found in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. This vulnerability is uniquely identified as CVE-2026-4187. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #769833 / VDB-351094

Submit #769834 / VDB-234346

Submit #769931 / VDB-351093

A vulnerability classified as problematic has been found in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2026-4186. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. This vulnerability is known as CVE-2026-4185. It is possible to launch the attack remotely. Furthermore, an exploit is available. A patch should be applied to remediate this issue.

Submit #769842 / VDB-351092

A vulnerability marked as problematic has been reported in Vulnogram 1.0.0. This affects an unknown part of the component Comment Hypertext Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-32774. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as critical has been found in zephyrproject-rtos Zephyr up to 4.3. Affected by this issue is some unknown functionality of the component Crypto Driver. Executing a manipulation of the argument length can lead to buffer overflow. This vulnerability appears as CVE-2026-0849. The physical device can be targeted for the attack. There is no available exploit.