Aggregator

CVE-2026-2368 | Lenovo FileZ prior 10.12.3.0/11.1.0.35 Network Traffic certificate validation

VulDB Recent Entries
1 week 6 days ago
A vulnerability described as critical has been identified in Lenovo FileZ. The affected element is an unknown function of the component Network Traffic Handler. Such manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2026-2368. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-32106 | withstudiocms up to 0.4.2 createUser Endpoint privileges management (GHSA-wj56-g96r-673q)

VulDB Recent Entries
1 week 6 days ago
A vulnerability labeled as critical has been found in withstudiocms studiocms up to 0.4.2. This issue affects some unknown processing of the component createUser Endpoint. The manipulation results in improper privilege management. This vulnerability is known as CVE-2026-32106. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2026-32104 | studiocms up to 0.4.2 updateUserNotifications Endpoint authorization (GHSA-9v82-xrm4-mp52)

VulDB Recent Entries
1 week 6 days ago
A vulnerability identified as problematic has been detected in studiocms up to 0.4.2. This vulnerability affects unknown code of the component updateUserNotifications Endpoint. The manipulation leads to authorization bypass. This vulnerability is traded as CVE-2026-32104. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-32117 | ekacnet grafanacubism-panel up to 0.1.2 cubism.js assign cross site scripting (GHSA-q6fh-6m3m-5948)

VulDB Recent Entries
1 week 6 days ago
A vulnerability categorized as problematic has been discovered in ekacnet grafanacubism-panel up to 0.1.2. This affects the function assign of the file cubism.js. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2026-32117. The attack may be performed from remote. There is no available exploit. It is best practice to apply a patch to resolve this issue.
vuldb.com

CVE-2026-32133 | Bubka 2FAuth up to 6.0.x Image Parser image server-side request forgery (GHSA-8qp3-x2mp-j6f8)

VulDB Recent Entries
1 week 6 days ago
A vulnerability was found in Bubka 2FAuth up to 6.0.x. It has been rated as critical. Affected by this issue is some unknown functionality of the component Image Parser. Performing a manipulation of the argument image results in server-side request forgery. This vulnerability is reported as CVE-2026-32133. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2026-32101 | studiocms up to 0.3.0 PUT isAuthorized authorization (GHSA-mm78-fgq8-6pgr)

VulDB Recent Entries
1 week 6 days ago
A vulnerability was found in studiocms up to 0.3.0. It has been declared as critical. Affected by this vulnerability is the function isAuthorized of the component PUT Handler. Such manipulation leads to incorrect authorization. This vulnerability is documented as CVE-2026-32101. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-32110 | SiYuan up to 3.5.x Endpoint forwardProxy server-side request forgery (GHSA-56cv-c5p2-j2wg)

VulDB Recent Entries
1 week 6 days ago
A vulnerability was found in SiYuan up to 3.5.x. It has been classified as critical. Affected is an unknown function of the file /api/network/forwardProxy of the component Endpoint. This manipulation causes server-side request forgery. This vulnerability is registered as CVE-2026-32110. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-1717 | Lenovo Vantage/Baiying prior 1.0.0.138 LenovoProductivitySystemAddin argument injection

VulDB Recent Entries
1 week 6 days ago
A vulnerability was found in Lenovo Vantage and Baiying and classified as critical. This impacts an unknown function of the component LenovoProductivitySystemAddin. The manipulation results in argument injection. This vulnerability is cataloged as CVE-2026-1717. The attack must be initiated from a local position. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-1716 | Lenovo Vantage/Baiying prior 1.0.8.15 DeviceSettingsSystemAddin argument injection

VulDB Recent Entries
1 week 6 days ago
A vulnerability has been found in Lenovo Vantage and Baiying and classified as critical. This affects an unknown function of the component DeviceSettingsSystemAddin. The manipulation leads to argument injection. This vulnerability is listed as CVE-2026-1716. The attack must be carried out locally. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2026-1715 | Lenovo Vantage/Baiying prior 1.0.8.15 DeviceSettingsSystemAddin argument injection

VulDB Recent Entries
1 week 6 days ago
A vulnerability, which was classified as critical, was found in Lenovo Vantage and Baiying. The impacted element is an unknown function of the component DeviceSettingsSystemAddin. Executing a manipulation can lead to argument injection. This vulnerability is tracked as CVE-2026-1715. The attack is restricted to local execution. No exploit exists. You should upgrade the affected component.
vuldb.com

Bell Ambulance data breach impacted over 238,000 people

Security Affairs
1 week 6 days ago
Bell Ambulance confirms a February 2025 breach affecting 238,000 people, exposing personal, financial, and health information. Nearly 238,000 individuals are impacted by a February 2025 Bell Ambulance data breach. Bell Ambulance is a U.S.-based emergency medical services provider offering ambulance transport, paramedic care, and patient support. It serves communities with urgent medical response, interfacility transfers, […]
Pierluigi Paganini

CVE-2026-32108 | 9001 copyparty up to 1.20.11 authorization (GHSA-67rw-2x62-mqqm)

VulDB Recent Entries
1 week 6 days ago
A vulnerability, which was classified as problematic, has been found in 9001 copyparty up to 1.20.11. The affected element is an unknown function. Performing a manipulation results in incorrect authorization. This vulnerability is identified as CVE-2026-32108. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-32109 | 9001 copyparty up to 1.20.11 prologue.html cross site scripting (GHSA-rcp6-88mm-9vgf)

VulDB Recent Entries
1 week 6 days ago
A vulnerability classified as problematic was found in 9001 copyparty up to 1.20.11. Impacted is an unknown function of the file prologue.html. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-32109. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-32136 | AdguardTeam AdGuardHome up to 0.107.72 improper authentication (GHSA-5fg6-wrq4-w5gh)

VulDB Recent Entries
1 week 6 days ago
A vulnerability classified as critical has been found in AdguardTeam AdGuardHome up to 0.107.72. This issue affects some unknown processing. This manipulation causes improper authentication. The identification of this vulnerability is CVE-2026-32136. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

筑牢“十五五”安全基座:从2026年两会透视网络安全全景趋势

嘶吼
1 week 6 days ago

2026年是“十五五”规划的开局之年,也是新修订的《网络安全法》正式施行的重要年份。在十四届全国人大四次会议上,网络安全已深度融入国家战略规划、宏观经济治理、资金投向及人才培养的全局之中。作为网络安全媒体,我们从规划、经济、技术、法治四个维度,为您解析今年两会释放的关键信号。

一、顶层规划:“十五五”开局,统筹发展与安全的新高度

2026年两会审查了“十五五”规划纲要草案,明确了这一时期是基本实现社会主义现代化夯实基础的关键期。

主要目标和重大任务:《2026年政府工作报告》中提出多项主要指标,其中“十五五”时期 “统筹发展和安全”被列为四大突出战略任务之一。

从防风险转向主动进取:今年的政府工作报告中,“加强重点领域风险防范化解”的排序有所调整,反映出中国经济正从“稳阵脚”阶段转向以科技创新和产业升级为核心的积极进取期,网络安全成为这一进程的底层支撑。

嘶吼观察:安全正在从合规成本向发展红利演进。在“十五五”框架下,安全能力本身已成为竞争力的组成部分。行业企业或将安全视为应对外部环境不确定性的内部确定性来源,逐步将其内化为业务发展的支撑要素。

二、经济动能:智能经济成新增长极,国债与金融双轮夯实安全底座

《国务院关于深入实施“人工智能+”行动的意见》提到,到2030年,我国人工智能全面赋能高质量发展,新一代智能终端、智能体等应用普及率超90%,智能经济成为我国经济发展的重要增长极,推动技术普惠和成果共享。

1、顶层定调:智能经济成为新增长极

在今年两会期间,《2026年政府工作报告》,提出新热词“智能经济”, 打造智能经济新形态,这是一种以人工智能为驱动、数据为关键要素的新型经济范式。

2、资金落地:1.3 万亿特别国债夯实安全底座

2025年我国顺利发行1.3万亿元超长期特别国债,其中8000亿元用于“两重”建设,5000亿元用于“两新”工作。在“两重”领域,资金支持1459个重大项目,覆盖重大交通、水利、能源、生态环保、高标准农田等,夯实国家战略与安全能力根基。安全能力建设虽非唯一投向,却是贯穿所有重大项目的底线保障与核心前提,在智能经济全面铺开的背景下,战略重要性持续提升。

3、金融赋能:民营网安需获精准支持

全国政协委员齐向东建议:扩大知识产权、股权等质押贷款覆盖面,为网络安全产业提供长效资本支持,降低民营科创企业融资成本,助力安全企业轻资产高质量发展,为智能经济安全底座注入市场化活力。

嘶吼观察:智能经济的爆发,本质是AI生产力与数据要素的双重释放。而安全底座的夯实,则是国家战略、财政资金、市场机制的协同发力。从顶层设计到资金落地,再到民营网安企业的金融赋能,三者形成闭环,智能经济向前奔跑,安全底座同步加固。

未来一段时期,智能经济将进入规模化落地、普惠化应用的关键阶段。谁能在技术创新、场景落地、安全保障上形成协同优势,谁就能抓住这一轮结构性机遇。

三、核心技术:AI权限边界与“以模治模”的防御思路

随着大模型从效率工具转向具备自主执行能力,AI安全成为今年讨论较为集中的技术议题。两会期间,网络安全行业代表们关注当AI智能体调用系统时,权限边界如何划分。相关讨论涉及权限最小化和操作可追溯原则,关键操作的二次确认与执行留痕成为关注焦点。

周鸿祎委员提出构建“以模治模”的防御思路,建议加快推行安全智能体,赋予关键信息基础设施自动感知、研判与响应能力。

嘶吼观察:智能体在政务和工业场景的普及,带来了自动化与透明度之间的平衡问题。“安全前置”的理念若能从建设阶段就融入系统设计,明确责任边界,或可为新质生产力的发展提供更稳健的支撑。

四、法治护航:高质量立法构建数智社会的基础框架

2026年两会展现了法治在网络安全领域的支撑作用。随着新修订的《网络安全法》正式施行,网络生态治理进入新阶段。两会强调统筹立、改、废、释、纂,通过立法为中国式现代化提供法治保障。

处罚力度的结构性调整是此次修法的显著特征。针对关键信息基础设施运营者违法行为,罚款上限从原来的100万元提升至1000万元,并对直接负责的主管人员增设个人罚款。这一调整或许反映了立法者对网络安全外部性风险的重新评估——关键基础设施的安全事件往往具有系统性影响,传统的处罚力度可能难以形成有效威慑。

此外,两会期间,全国人大代表、美的集团副总裁兼首席财务官钟铮提出《关于加强对AI数字人直播管理的建议》:第一要完善法律法规,强化数字人身份认证与责任追溯;第二要强化技术赋能,构建实时高效的内容审核体系;第三要压实多方主体责任,加强跨部门协同监管与公众监督。

嘶吼观察:从新修《网络安全法》大幅提高违法成本、压实个人与主体责任,到代表聚焦AI数字人直播提出全链条治理建议,2026年两会传递出清晰信号:数智社会的安全底座,必须由高质量法治来夯实。立法不再是被动应对风险,而是主动前瞻布局,既用重罚守住关键信息基础设施的安全底线,也用细规规范AI新业态的发展边界,兼顾安全底线与创新空间。未来,法治与技术将持续双向赋能,以规则确定性对冲技术不确定性,为数字经济健康发展、网络空间清朗有序提供更坚实的护航力量。

结语:在确定性中寻找结构性机遇

2026年两会勾勒出的网络安全图景,或许可以用“同步”二字概括,智能经济与安全防护同步推进,技术迭代与制度完善同步演进,国家战略与市场主体同步发力。

从“十五五”规划将安全纳入突出战略任务,到新《网络安全法》的处罚升级,这些信号并非孤立的政策宣示,而是试图在快速变化的技术环境中,建立某种可预期的秩序。

对于行业而言,这种秩序可能意味着双重影响:一方面,合规成本与责任压力确实存在。另一方面,当安全能力成为项目准入、融资授信、市场准入的隐性门槛时,深耕技术、建立差异化优势的企业或将获得更稳固的竞争位势

2026年作为“十五五”开局之年,其意义或许正在于,它为这种转化提供了时间窗口,也提出了紧迫要求。未来几年的产业格局,或将由这一时期的技术投入方向、人才储备深度、合规体系建设质量所塑造。

参考文献:

http://222.132.157.151:9989/page/2/2026-03/06/A03/20260306A03_pdf.pdf

https://www.ykzq.com/products/download-new/rpt/2026/03/05/02a83dfa76954ed7b6ecea1b77c2f200.pdf

https://finance.sina.com.cn/wm/2026-03-06/doc-inhpzkwt6092554.shtml

https://www.21jingji.com/article/20260306/herald/50fb64d77239290feafa1678c295ed28.html

https://baijiahao.baidu.com/s?id=1859265155908677437

https://www.gm7.org/archives/53459

https://baijiahao.baidu.com/s?id=1859190675670535860

山卡拉

Managed ad