Aggregator

A vulnerability labeled as problematic has been found in sigstore sigstore-ruby up to 0.2.2. This impacts the function sigstore::Verifier#verify. Such manipulation leads to unchecked return value. This vulnerability is referenced as CVE-2026-31830. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability classified as problematic has been found in Blue-B Alienbin up to 1.0.0. This issue affects some unknown processing of the file /save. This manipulation causes race condition. This vulnerability is tracked as CVE-2026-31827. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as critical was found in parse-community parse-server up to 8.6.25/9.5.2-alpha.12. Impacted is an unknown function. Such manipulation leads to ldap injection. This vulnerability is listed as CVE-2026-31828. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Istio up to 1.27.7/1.28.4/1.29.0 and classified as problematic. This impacts an unknown function. The manipulation results in information disclosure. This vulnerability is reported as CVE-2026-31837. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability marked as problematic has been reported in Istio up to 1.27.7/1.28.4/1.29.0. This affects an unknown function. Performing a manipulation results in incorrect authorization. This vulnerability was named CVE-2026-31838. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Sylius up to 2.2.2. Affected by this issue is the function orderBy. This manipulation causes sql injection. This vulnerability is tracked as CVE-2026-31825. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Umbraco CMS up to 16.5.0/17.2.1. This affects an unknown part of the component API Endpoint. Such manipulation leads to authorization bypass. This vulnerability is listed as CVE-2026-31832. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability has been found in Umbraco CMS up to 16.5.0/17.2.1 and classified as critical. This vulnerability affects unknown code of the component Group Membership Handler. Performing a manipulation results in improper privilege management. This vulnerability is cataloged as CVE-2026-31834. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in Umbraco CMS up to 16.5.0/17.2.0. Affected is an unknown function of the component Setting Handler. Executing a manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2026-31833. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in FlowiseAI Flowise up to 3.0.12 and classified as critical. The impacted element is an unknown function of the component HTTP Request Handler. The manipulation results in server-side request forgery. This vulnerability is cataloged as CVE-2026-31829. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

腾讯云安全公布近期安全漏洞清单,建议自查更新,防入侵保业务安全

A vulnerability was found in Tenda AC8 up to 16.03.50.11. It has been rated as critical. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based buffer overflow. This vulnerability is handled as CVE-2026-4254. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Tenda AC8 16.03.50.11. It has been declared as critical. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. This vulnerability is known as CVE-2026-4253. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in Tenda AC8 16.03.50.11. It has been classified as critical. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. This vulnerability is traded as CVE-2026-4252. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

好，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，理解它的主要观点。 文章主要讲的是OpenClaw这个AI工具，它不仅能聊天，还能操作电脑。作者通过一个实际案例展示了它的功能：将图片转换为Word文档。这个过程用了Python程序，没有上传图片到大模型，这和豆包等工具不同。最后提到AI的竞争不仅仅是模型强弱，而是如何将能干活的AI集成到各种工具中。 接下来，我需要提炼这些信息。重点包括OpenClaw的功能、案例说明、与其他工具的区别以及竞争趋势。然后用简洁的语言把这些点连贯地表达出来。 可能的结构是：先介绍OpenClaw的功能，然后用案例说明其优势，接着比较其他工具的不同之处，最后总结竞争趋势。 现在开始组织语言： “文章介绍了一款名为OpenClaw的AI工具，它不仅能够进行智能对话，还具备操作电脑的能力。通过一个实际案例展示了其将图片转换为Word文档的功能，并与其他类似工具如豆包进行了对比。指出AI的竞争已从模型能力转向如何将实用功能嵌入日常应用中。” 检查字数是否在100字以内，并确保内容准确传达了原文的核心信息。 文章介绍了一款名为OpenClaw的AI工具，它不仅能够进行智能对话，还具备操作电脑的能力。通过一个实际案例展示了其将图片转换为Word文档的功能，并与其他类似工具如豆包进行了对比。指出AI的竞争已从模型能力转向如何将实用功能嵌入日常应用中。

Submit #771773 / VDB-351212

Submit #771771 / VDB-351211

A vulnerability has been found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android and classified as problematic. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected storage of credentials. This vulnerability is reported as CVE-2026-4250. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #771759 / VDB-351210

A vulnerability was found in CityData CityChat up to 0.12.6 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutter_assets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storage of credentials. This vulnerability appears as CVE-2026-4251. The attack requires local access. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.