Aggregator

Submit #771771 / VDB-351211

A vulnerability has been found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android and classified as problematic. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected storage of credentials. This vulnerability is reported as CVE-2026-4250. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #771759 / VDB-351210

A vulnerability was found in CityData CityChat up to 0.12.6 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutter_assets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storage of credentials. This vulnerability appears as CVE-2026-4251. The attack requires local access. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

好的，我现在需要帮用户总结一篇文章，控制在100字以内。用户给的原文是关于Cyble公司的介绍。首先，我得通读一下原文，抓住关键点。 文章开头提到Cyble用智能驱动的AI原生统一控制面板来填补网络安全防御缺口。接着说他们是全球政府、企业和安全团队信赖的力量。然后提到他们有无与伦比的可见性、实时情报和为规模构建的平台，不仅跟上威胁，还能领先一步，让用户有信心前进。 接下来，我要把这些信息浓缩到100字以内。首先确定主要元素：公司名称、核心技术（智能驱动AI）、目标（填补防御缺口）、服务对象（政府、企业）、优势（实时情报、平台规模）和效果（领先威胁）。 然后组织语言，确保简洁明了。可能的结构是先介绍公司和核心技术，然后说明服务对象和优势，最后点出效果。比如：“Cyble通过智能驱动的AI原生平台填补网络安全防御缺口，为全球政府、企业和安全团队提供实时情报和大规模解决方案，帮助用户领先威胁并增强信心。” 检查字数是否在限制内，并确保没有使用“文章内容总结”之类的开头。最后确认语句通顺，信息完整。 Cyble通过智能驱动的AI原生平台填补网络安全防御缺口，为全球政府、企业和安全团队提供实时情报和大规模解决方案，帮助用户领先威胁并增强信心。

A vulnerability has been found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android and classified as problematic. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected storage of credentials. This vulnerability is reported as CVE-2026-4250. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

根据发表在《Archives of Sexual Behavior》期刊上的一项研究，AI 生成的女性裸照的性吸引力高于真人照片。研究人员在捷克招募了 649 名异性恋成年人，参与者主要为男性，女性为 45 人。研究人员向他们展示了六种不同类型的图像，包括真实女性的照片、计算机生成的人像、AI 生成的人像、经过整形手术的真实女性、硅胶性爱娃娃和成人动漫图像。参与者对每张图像的真实性、性吸引力和审美进行评分。结果显示，虽然 AI 生成的图像在真实性上低于真人照片，但在审美吸引力和性吸引力上都最高。

Submit #771436 / VDB-351209

A vulnerability was found in jpadilla pyjwt up to 2.11.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Header Parameter Handler. The manipulation of the argument crit results in insufficient verification of data authenticity. This vulnerability is known as CVE-2026-32597. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. This vulnerability is listed as CVE-2026-3965. The attack may be initiated remotely. In addition, an exploit is available. It is advisable to upgrade the affected component. The code maintainer was informed beforehand about the issues. He reacted very fast and highly professional.

Submit #771435 / VDB-351208

Злоумышленники мастерски освоили искусство торговать пустотой.

【嘶吼安全动态】3·15晚会丨AI大模型被“投毒”？

网络安全，关乎每个人。保持警惕，理性使用AI工具。

好，我需要帮用户总结一篇文章，控制在100字以内，而且不需要特定的开头。用户给的原文是关于环境异常的提示，要求完成验证后才能继续访问，并提供了一个“去验证”的链接。 首先，我要理解原文的核心信息。看起来这是一个系统提示，告诉用户当前环境有问题，需要进行验证才能继续使用。关键点包括环境异常、完成验证、继续访问以及提供的链接。 接下来，我需要将这些信息浓缩成一句话。要确保包含所有关键点：环境异常、验证步骤、继续访问的可能性以及如何进行验证。 然后，检查字数是否在限制内。我的初步总结是：“当前环境出现异常，需完成验证后方可继续访问。” 这句话简洁明了，涵盖了所有重要信息，并且没有超过100字。 最后，确认没有使用任何不需要的开头词，直接描述了文章内容。这样应该符合用户的要求。 当前环境出现异常，需完成验证后方可继续访问。

嗯，用户让我帮忙总结一篇文章，控制在一百个字以内，而且不需要用“文章内容总结”之类的开头。首先，我需要理解用户的需求。他们可能是在快速浏览信息，或者需要简洁的摘要用于某种用途，比如报告或分享。 接下来，看看用户提供的文章内容。文章标题是“环境异常”，内容提到当前环境异常，完成验证后可以继续访问，并有一个“去验证”的链接。看起来这是一篇关于网络或系统环境出现异常的通知，提醒用户进行验证以便继续使用服务。 现在，我需要将这些信息浓缩到一百字以内。要抓住关键点：环境异常、完成验证、继续访问。同时，语言要简洁明了，直接描述情况。 可能会考虑的表达方式有：“当前环境异常，请完成验证后继续访问。”这样既涵盖了主要内容，又符合字数限制和格式要求。 另外，用户特别指出不需要以“文章内容总结”等开头，所以直接描述情况即可。这样更符合他们的需求。 最后，检查一下是否遗漏了重要信息。没有提到具体的问题类型或解决方案细节，但根据用户的要求，只需概括主要内容即可。 当前环境异常，请完成验证后继续访问。

A vulnerability, which was classified as problematic, was found in Samsung Galaxy Store. This impacts an unknown function. Such manipulation leads to improper verification of cryptographic signature. This vulnerability is documented as CVE-2026-21002. The attack needs to be performed locally. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Samsung Galaxy Store. This affects an unknown function. This manipulation causes path traversal: '.../...//'. This vulnerability is registered as CVE-2026-21001. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Samsung Galaxy Store. The impacted element is an unknown function. The manipulation results in improper access controls. This vulnerability is cataloged as CVE-2026-21000. The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is advised.