Aggregator

真菌对生命至关重要，但长期以来它们一直被忽视，直到现在。全世界的真菌种类至少有 220 万种，最多可能有 1200 万种，但只有 15.5 万种为人所知，大量物种未被发现和描述。2020 年畅销书《Entangled Life》作者、真菌学家 Merlin Sheldrake 在书中写道：没有真菌网络树就不会存在，没有类似的真菌网络任何植物都无法存在，包括人类在内的陆地动物都无法存在。真菌学家 Giuliana Furci 指出，每个生物体都依赖于一种真菌成分，它们是地球生命的基石。举例来说，内生真菌（Endophytic fungi）存在于几乎所有维管植物的细胞之间和内部，对植物的生长、抵抗力和生存至关重要。它们会释放天然抗生素分子，保护植物抵抗疾病侵害。它们帮助驱赶食草动物和昆虫。它们还能促进磷、氮等营养物质的吸收，改善水分保持，帮助植物忍受压力。真菌对数量庞大的产品至关重要，包括青霉素、氨苄青霉素、他汀类药物和抗真菌药物等药品，以及营养保健品、发酵食品、奶酪、啤酒、葡萄酒、烈酒、色素、化妆品和肥料。近期的一篇论文估计，所有类型真菌的价值接近 55 万亿美元。真菌学家称真菌为生态系统工程师，多项研究表明，约八成的陆生植物物种与真菌存在共生关系。研究人员估计，菌根每年在土壤中固碳 130 亿吨，这一数字相当于全球化石燃料排放量的三分之一。

Currently trending CVE - Hype Score: 3 - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code ...

A vulnerability classified as critical was found in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping_response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping_ipaddr results in stack-based buffer overflow. This vulnerability was named CVE-2026-4172. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to authorization bypass. This vulnerability is uniquely identified as CVE-2026-4171. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Оказывается, на самых мелких масштабах законы физики снова устойчивы и нерушимы.

Submit #769770 / VDB-351079

A vulnerability described as critical has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Handler. Executing a manipulation of the argument template_path can lead to os command injection. This vulnerability is handled as CVE-2026-4170. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #769771 / VDB-351078

Submit #769769 / VDB-351078

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive

Submit #769768 / VDB-351077

A vulnerability marked as problematic has been reported in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2026-4169. Remote exploitation of the attack is possible. No exploit is available. There are still doubts about whether this vulnerability truly exists. It is suggested to upgrade the affected component. When the vendor was informed about another security issue, he identified and fixed this flaw during analysis. He doubts the impact of this: "However, this is difficult to justify as security issue. It requires to be administrator to both create and consume the exploit. Administrators can do pretty much anything in the platform, so I don't see the point of this from a security perspective." This is reflected by the CVSS vector.

A vulnerability labeled as problematic has been found in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_edit_group.php of the component Group Handler. Such manipulation of the argument Name leads to cross site scripting. This vulnerability is traded as CVE-2026-4168. The attack may be launched remotely. Furthermore, there is an exploit available. The presence of this vulnerability remains uncertain at this time. The affected component should be upgraded. The vendor explained: "I was not able to reproduce the same exploit as the TCExam version was already advanced in the meanwhile." Therefore, it can be assumed that this issue got fixed in a later release.

近期，开源AI智能体OpenClaw（俗称“龙虾”）火了，AI“养龙虾”成为全网热点，多地宣布下场“养龙虾”。“龙虾”通

关于防范OpenClaw（“龙虾”）开源智能体安全风险的“六要六不要”建议针对“龙虾”典型应用场景下的安全风险，工业和信

提出工程关系管理（ERM）平台，重构企业工程风险管理方式

Submit #769826 / VDB-351075