OpenSSL、FortiCloud、Python PLY和ChatGPT的扩展造成严重的安全风险,据报有积极开采。 Critical flaws in OpenSSL, FortiCloud, Python PLY, and ChatGPT extensions pose serious security risks, with active exploitation reported.

在OpenSSL、FortiCloud、Python PLY和ChatGPT恶意浏览器扩展中发现了关键脆弱性。 Critical vulnerabilities have been discovered in OpenSSL, FortiCloud, Python PLY, and malicious browser extensions for ChatGPT. OpenSSL缺陷可能允许通过不适当的SSL/TLS验证远程执行代码,而FortiCloud的CVE 2026-24858则被积极用于未经授权的管理员访问。 OpenSSL flaws could allow remote code execution via improper SSL/TLS validation, while FortiCloud’s CVE-2026-24858 is actively exploited for unauthorized admin access. PLY的脆弱性通过不安全的消毒和无赖的ChatGPT扩展号窃取会话数据,使得远程代码执行成为可能。 PLY’s vulnerability enables remote code execution through unsafe deserialization, and rogue ChatGPT extensions steal session data. 敦促用户立即更新受影响的软件,避免未经核实的浏览器扩展,以防止出现违反情况。 Users are urged to update affected software immediately and avoid unverified browser extensions to prevent breaches.