Aggregator

OpenSSL Projectより、OpenSSL Security Advisory [13th March 2026]が公開されました。

OpenSSL Projectより、OpenSSL Security Advisory [16th October 2024]（"Low-level invalid GF(2^m) parameters lead to OOB memory access (CVE-2024-9143)"）が公開されました。

A vulnerability, which was classified as critical, was found in IBM Langflow Desktop up to 1.8.2. The affected element is an unknown function of the component Langflow. Executing a manipulation can lead to deserialization. This vulnerability is handled as CVE-2026-3357. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in IBM Verify Identity Access Container, Security Verify Access Container, Verify Identity Access and Security Verify Access. It has been rated as critical. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in execution with unnecessary privileges. This vulnerability is identified as CVE-2026-1346. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability labeled as problematic has been found in IBM Tivoli Netcool Impact up to 7.1.0.37. This vulnerability affects unknown code. The manipulation results in sensitive information in log files. This vulnerability is cataloged as CVE-2026-4788. The attack must be initiated from a local position. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in IBM Verify Identity Access Container, Security Verify Access Container, Verify Identity Access and Security Verify Access. It has been classified as critical. This impacts an unknown function. This manipulation causes server-side request forgery. The identification of this vulnerability is CVE-2026-1343. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic was found in Gravity Forms Plugin up to 2.9.30 on WordPress. The impacted element is the function GFCommon::send_json of the component Content-Type Handler. Executing a manipulation of the argument form_ids can lead to cross site scripting. This vulnerability appears as CVE-2026-4406. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in wpchill Download Monitor Plugin up to 5.1.10 on WordPress and classified as problematic. The impacted element is the function actions_handler of the file class-dlm-downloads-path.php. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2026-4401. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

日本政府内阁会议敲定了《基因组编辑胚胎规制法案》，内容为附带罚则禁止用基因组编辑技术改变人类受精卵的基因并以生育为目的向人类、动物子宫进行移植的研究及治疗。此举旨在管制基因编辑婴儿的出生。对受精卵的基因组编辑有望对遗传性疾病起到预防作用，但另一方面也存在产生超出预期的影响等技术层面的极限和风险。试图得到按照意愿设定身高等特征和容貌、运动能力的“设计款婴儿”的做法也引人担忧。目前根据国家的指针，将经过基因组编辑的受精卵放回人体子宫的做法受到部分禁止，但即便违反也没有相应的处罚规定。此次法案把用经过基因组编辑的精子和卵子制成的受精卵也列为对象。若向人类、动物的子宫进行移植，则处以 10 年以下监禁或 1000 万日元以下罚金，或者两项并罚。

Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro 

Новый выпуск клиента исправляет старую проблему MTProto и делает блокировку соединения менее предсказуемой.

速修复

行业需要想清楚如何为‘修复’提供资金，而不仅仅是为‘发现’买单。

近日，《纽约时报》记者Mike Isaac和Erin Griffith发文揭示了AI编程工具普及后的另一面：代码过载。一家金融服务公司引入AI编程工具后，月产代码量从2.5万行跳升至25万行——增长1...

这家两个月达成千万美金 ARR 的团队，认为音乐才是 AI 视频的入口。

美国 CDC 公布的初步统计数据显示，2025 年美国女性生育的婴儿数量比 2007 年的峰值纪录减少约 71 万。 2007 年美国共有 4,316,233 名婴儿出生。2025 年尽管美国总人口数量更多，但新生儿数量仅为 3,606,400 人。为何生育率下降？部分专家认为是经济方面的因素导致的，另一部分专家则认为是文化影响，以及女性获得更好的教育和避孕途径。数据显示，年轻女性、青少年和二十多岁女性的生育率都出现了大幅下降，其中青少年怀孕率下降了 7%。

开源AI平台Flowise被曝存在远程代码执行漏洞，攻击者可通过未校验配置执行任意代码，目前已被野外利用。

由于系统对 HTTP 重定向处理不当，攻击者可直接访问 ShareFile 管理后台界面。

A vulnerability was found in wolfSSL up to 5.9.0. It has been declared as critical. Affected by this vulnerability is the function wc_CmacUpdate of the component Message Handler. The manipulation results in integer overflow. This vulnerability is identified as CVE-2026-5477. The attack can be executed remotely. There is not any exploit available.

Mozilla 再次指控微软给予自己的浏览器和 AI 服务不公平的优势。即使用户明确选择其它浏览器，微软仍然会引导用户使用 Edge。Mozilla 称，不管默认的浏览器设置，Windows 的部分功能仍然会使用 Edge 打开链接，包括任务栏搜索结果以及 Outlook 和 Teams 等应用中的链接。微软在推广其 AI 助手 Copilot 时采取了类似的做法，利用平台优势推广自家服务。Copilot 固定在任务栏上，在安装了 Microsoft 365 的系统中自动安装，甚至部分型号的笔记本电脑还有专门的按键。Mozilla 认为，当占据主导地位的桌面操作系统制造商在系统层面推广自家浏览器和 AI 工具时，Firefox 之类的独立浏览器难以与之竞争。