Aggregator

Submit #769856 / VDB-351108

Submit #769855 / VDB-351108

Submit #769854 / VDB-351107

Submit #769853 / VDB-351106

ИИ запускает, IoT усиливает, группы координируются.

A vulnerability described as critical has been identified in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSettings/GetQoSSettings/GetRouterInformationSettings/GetRouterLanSettings/GetWanSettings/SetAccessCtlList/SetAccessCtlSwitch/SetDeviceSettings/SetGuestWLanSettings/SetIPv4FirewallSettings/SetNetworkSettings/SetNetworkTomographySettings/SetNTPServerSettings/SetRouterLanSettings/SetStaticClientInfo/SetStaticRouteSettings/SetWLanRadioSecurity/SetWPSSettings/UpdateClientInfo of the component goahead. Such manipulation leads to improper access controls. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2026-4193. The attack may be launched remotely. Furthermore, there is an exploit available. Restrictive firewalling should be applied.

Submit #769839 / VDB-351105

Submit #769841 / VDB-351105

Submit #769838 / VDB-351105

Submit #769837 / VDB-351105

Submit #769836 / VDB-351105

Submit #769835 / VDB-351105

A vulnerability marked as critical has been reported in wickedplugins Wicked Folders Plugin up to 4.1.0 on WordPress. Impacted is the function delete_folders. This manipulation causes authorization bypass. This vulnerability appears as CVE-2026-1883. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as critical has been found in wedevs User Frontend Plugin up to 4.2.8 on WordPress. This issue affects the function draft_post. The manipulation of the argument post_id results in missing authorization. This vulnerability is reported as CVE-2026-2233. The attack can be launched remotely. No exploit exists.

好，我现在要帮用户总结这篇文章的内容。用户的要求是用中文，控制在100字以内，不需要特定的开头，直接写描述。首先，我需要仔细阅读文章内容。 文章讲的是白宫在X平台上发布了一段视频，使用了任天堂游戏“Wii体育”的片段来渲染攻击伊朗的成果。视频中将高尔夫游戏画面和轰炸伊朗军事设施的画面拼接，营造出“一杆进洞”的效果。此外，还用网球、拳击等游戏片段与空袭画面结合。这些内容引发了网友的批评，认为战争和游戏不同，视频令人厌恶。 接下来，我需要提取关键信息：白宫、X平台、任天堂游戏片段、攻击伊朗、渲染成果、视频剪辑、网友批评。然后把这些信息浓缩到100字以内。 可能的结构是：白宫在X上传视频，使用任天堂游戏片段渲染攻击伊朗成果，将游戏画面与轰炸画面拼接，引发批评。 检查字数是否符合要求，并确保没有遗漏重要信息。最终总结应该简洁明了。 白宫在社交平台X上发布了一段约50秒的视频，使用任天堂游戏“Wii体育”片段渲染攻击伊朗的成果。视频将高尔夫等游戏画面与轰炸伊朗军事设施的画面拼接，并配文“不败”。此举引发网友批评称战争与游戏不同。

A vulnerability identified as critical has been detected in webaways NEX-Forms Plugin up to 9.1.9 on WordPress. This vulnerability affects the function submit_nex_form. The manipulation of the argument nf_set_entry_update_id leads to authorization bypass. This vulnerability is documented as CVE-2026-1947. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in GNU Binutils. This affects an unknown part of the component XCOFF Object File Handler. Executing a manipulation can lead to out-of-bounds read. This vulnerability is registered as CVE-2026-3442. The attack needs to be launched locally. No exploit is available.

A vulnerability was found in GNU Binutils. It has been rated as problematic. Affected by this issue is some unknown functionality of the component XCOFF Object File Handler. Performing a manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-3441. The attack must be initiated from a local position. There is no exploit available.

好的，我现在需要帮用户总结这篇文章的内容。用户的要求是用中文，控制在100字以内，不需要特定的开头，直接描述文章内容。 首先，我得仔细阅读原文。文章提到Meta在被广泛抱怨Facebook变成“AI泔水地狱”之后，宣布了新的检测冒充行为的工具，并更新了创作者指南，更明确地定义了原创内容。现在Facebook正在测试增强的内容保护工具，允许创作者在视频被冒用后采取措施，并通过一个中央仪表板标记内容。Meta的目标是简化举报流程，让创作者在一个地方提交所有报告。但目前的工具主要针对重复内容，而不是未经授权使用创作者肖像的情况。 接下来，我需要提取关键信息：Meta推出新工具检测冒充行为，更新创作者指南定义原创内容，测试增强内容保护工具允许创作者标记和采取措施，简化举报流程在一个地方提交报告。但目前只能处理重复内容，不能检测肖像盗用。 然后我要把这些信息浓缩到100字以内。要确保涵盖所有主要点：新工具、更新指南、测试功能、允许标记和采取措施、简化举报流程、以及当前的局限性。 最后，组织语言使其流畅自然，并且符合用户的要求。 Meta推出新工具检测冒充行为并更新创作者指南以明确原创内容定义。Facebook正在测试增强的内容保护功能，允许创作者通过中央仪表板标记和采取措施应对冒用视频，并简化举报流程。然而当前工具主要针对重复内容而非未经授权使用肖像的情况。