Aggregator

Submit #796736 / VDB-359591

ИИ-агентнашел почти 1000 багов в софте, которым пользуется весь мир.

频繁被封、环境不稳定、设备成本高？你缺的不是工具，而是一套底层能力。

看雪论坛作者ID：the_hs

2025 年 9 月和 10 月 Peter Thiel 在旧金山的 Commonwealth 俱乐部发表了四场敌基督主题的演讲。他说，17-18 世纪的敌基督形象会是类似“奇爱博士（Dr. Strangelove）”的疯狂科学家，21 世纪的敌基督则是卢德分子，类似 Greta Thunberg（瑞典气候活动人士）。阶级斗争都没有这么精神错乱。美国的富豪统治集团很少将经济自利包装成宗教使命，但今天的科技精英却将科技行业的未来繁荣描绘成一场对抗撒旦爪牙的战争。哥伦比亚大学法学教授吴修铭(Tim Wu)指出，对科技精英而言 AGI 相当于基督再临。为了奇点降临科技精英愿意不惜一切代价阻止反对者。不管谈论的是字面意义还是比喻意义上的上帝，最核心的问题仍然是金钱。科技巨头强烈反对政府干预，它们在 AI 上的投资规模堪称史无前例，仅 2026 年就将达到 6700 亿美元，占到了美国 GDP 的 2.1%。 利益关系推动硅谷投向共和党的怀抱。2020 年科技行业 98% 的捐款都流向了民主党。但到 2025 年底，近四分之三的科技行业政治支出流向了共和党，其中马斯克为共和党的选举捐赠了 3.51 亿美元。科技公司的游说支出在十年前不到制药巨头一半，如今迅速提升到了四分之三。科技行业在一代人前还承诺把权力和信息下放给平民，如今它们迷恋于监控、虚假信息、垄断和毁灭。科技最初赋能人类，后来却演变成科技赋能于各种掠夺者——最终科技平台本身也沦为企业掠夺者。科技公司何时变得反社会？这种转变是渐进的，是在它们的 CEO 们积累了越来越多的权力和金钱之后。Peter Thiel 从来不是一位自由主义者，他在 2009 年就宣称他不再相信自由和民主能兼容，他在 2014 年写道垄断是所有成功企业的必要条件。吴修铭视 2010 年代是一个转折点，在这之前亚马逊和 Google 等企业就像是慈善机构一样运营，亚马逊成立后的第一个十年基本没有盈利，而 Google 的座右铭是“不作恶”。到了 2010 年代它们开始将股东利益放在第一位，Google 抛弃了不作恶。科技公司认识到了它们所拥有的权力：亚马逊决定了购物方式，Google 决定了获取知识的方式，Facebook 决定了沟通的方式。科技巨头在贪婪上与镀金时代的强盗大亨不相上下，人类将面临一场漫长而艰苦的战斗，因为它们都富可敌国。

A vulnerability classified as problematic has been found in p11-kit. Impacted is the function C_DeriveKey of the file rpc-message.c:. Performing a manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-2100. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in libssh on Windows. It has been classified as problematic. This affects an unknown function of the component Configuration Handler. Performing a manipulation results in untrusted search path. This vulnerability is identified as CVE-2025-14821. The attack is only possible with local access. There is not any exploit available.

A vulnerability classified as problematic was found in node-oauth oauth2-server up to 5.2.x. This issue affects some unknown processing. Such manipulation of the argument code_verifier leads to improper restriction of excessive authentication attempts. This vulnerability is listed as CVE-2026-41213. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in Studio-42 elFinder up to 2.1.66. This affects an unknown part. The manipulation of the argument bg results in os command injection. This vulnerability is identified as CVE-2026-41247. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability categorized as problematic has been discovered in FlowiseAI Flowise up to 3.0.x. Affected by this issue is some unknown functionality of the file /api/v1/public-chatbotConfig/:id. Executing a manipulation can lead to information disclosure. This vulnerability is handled as CVE-2026-41266. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in FlowiseAI Flowise up to 3.0.x. It has been rated as critical. This vulnerability affects the function repository.save of the component DocumentStore Creation Endpoint. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2026-41277. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability marked as problematic has been reported in OpenClaw up to 2026.3.30. Affected by this vulnerability is an unknown functionality of the component Control Interface. This manipulation causes exposure of sensitive system information to an unauthorized control sphere. This vulnerability appears as CVE-2026-41335. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in OpenClaw up to 2026.3.30. It has been classified as critical. Impacted is an unknown function of the file extensions/discord/src/monitor/agent-components-helpers.ts of the component Discord Component. This manipulation causes insufficient type distinction. This vulnerability is tracked as CVE-2026-41341. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in OpenClaw up to 2026.3.21. This vulnerability affects unknown code. Executing a manipulation can lead to external control of assumed-immutable web parameter. This vulnerability is handled as CVE-2026-41353. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in OpenClaw up to 2026.3.30 and classified as problematic. The impacted element is an unknown function of the component validationHTTP Operator Endpoint. Such manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2026-41347. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in steveukx simple-git up to 3.35.x. Affected is an unknown function. Performing a manipulation results in code injection. This vulnerability is cataloged as CVE-2026-6951. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in steveukx simple-git up to 3.35.x. Affected is an unknown function. Performing a manipulation results in code injection. This vulnerability is cataloged as CVE-2026-6951. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.19.9. This impacts an unknown function of the component batman-adv. Such manipulation of the argument packet_len leads to allocation of resources. This vulnerability is listed as CVE-2026-31683. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.82/6.18.23/6.19.13. This affects the function tcf_csum_act of the component net. This manipulation causes privilege escalation. This vulnerability is tracked as CVE-2026-31684. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.82/6.18.23/6.19.13. The impacted element is the function eui64_mt6 of the component netfilter. The manipulation results in incorrect comparison. This vulnerability is identified as CVE-2026-31685. The attack can only be performed from the local network. There is not any exploit available. The affected component should be upgraded.