Aggregator

CVE-2023-43907 | OptiPNG 0.7.7 gifread.c buffer buffer overflow (EUVD-2023-48267 / Nessus ID 266166)

Vuldb Updates
4 months 2 weeks ago
A vulnerability marked as critical has been reported in OptiPNG 0.7.7. Affected by this vulnerability is an unknown functionality of the file gifread.c. This manipulation of the argument buffer causes buffer overflow. This vulnerability is handled as CVE-2023-43907. The attack can only be done within the local network. There is not any exploit available.
vuldb.com

Waymo 部分远程操作人员位于菲律宾

Solidot
4 months 2 weeks ago
在美国国会自动驾驶汽车安全和监管听证会上,Waymo 首席安全官 Mauricio Peña 披露该公司的部分远程操作人员位于菲律宾。当自动驾驶汽车遭遇它无法自己解决的驾驶情况时怎么办?汽车会联络公司,与远程操作人员进行通信,远程操作人员并不会远程驾驶汽车,而是提供指导,动态的驾驶任务仍然由汽车自身负责。Mauricio Peña 博士表示部分远程操作人员位于美国,还有部分位于菲律宾。Waymo 解释说,远程操作员工都是持有驾照的司机,会接受与驾驶相关的犯罪记录和其它交通违规行为的审查,还会“接受随机的毒品检测”。

CVE-2026-2083 | code-projects Social Networking Site 1.0 /delete_post.php ID sql injection (EUVD-2026-5730)

Vuldb Updates
4 months 2 weeks ago
A vulnerability marked as critical has been reported in code-projects Social Networking Site 1.0. This affects an unknown function of the file /delete_post.php. Performing a manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-2083. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-2080 | UTT HiPER 810 1.7.4-141218 /goform/formUser setSysAdm passwd1 command injection (EUVD-2026-5733)

Vuldb Updates
4 months 2 weeks ago
A vulnerability was found in UTT HiPER 810 1.7.4-141218. It has been rated as critical. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. This vulnerability is referenced as CVE-2026-2080. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-2086 | UTT HiPER 810G up to 1.7.7-171114 Management Interface /goform/formFireWall strcpy GroupName buffer overflow (EUVD-2026-5727)

Vuldb Updates
4 months 2 weeks ago
A vulnerability classified as critical was found in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer overflow. This vulnerability is reported as CVE-2026-2086. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-40166 | Linux Kernel up to 6.12.54/6.17.4/6.18-rc1 exec_destroy state issue (Nessus ID 275228 / WID-SEC-2025-2579)

Vuldb Updates
4 months 2 weeks ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.12.54/6.17.4/6.18-rc1. This impacts the function exec_destroy. Performing a manipulation results in state issue. This vulnerability is identified as CVE-2025-40166. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-40167 | Linux Kernel up to 6.18-rc1 ext4 ext4_es_cache_extent infinite loop (Nessus ID 275225 / WID-SEC-2025-2579)

Vuldb Updates
4 months 2 weeks ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.18-rc1. Affected by this issue is the function ext4_es_cache_extent of the component ext4. Executing a manipulation can lead to infinite loop. This vulnerability is handled as CVE-2025-40167. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.
vuldb.com

Week in review: Notepad++ supply chain attack details and targets, Patch Tuesday forecast

Help Net Security
4 months 2 weeks ago

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Global Threat Map: Open-source real-time situational awareness platform Global Threat Map is an open-source project offering security teams a live view of reported cyber activity across the globe, pulling together open data feeds into a single interactive map. It visualizes indicators such as malware distribution, phishing activity, and attack traffic by geographic region. How state-sponsored attackers hijacked Notepad++ updates Suspected … More →

The post Week in review: Notepad++ supply chain attack details and targets, Patch Tuesday forecast appeared first on Help Net Security.

Help Net Security

Pear

Dark Feed IO
4 months 2 weeks ago

You must login to view this content

cohenido

CVE-2026-2216 | rachelos WeRSS we-mp-rss up to 1.4.8 apis/tools.py download_export_file filename path traversal

VulDB Recent Entries
4 months 2 weeks ago
A vulnerability classified as critical was found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. This vulnerability is tracked as CVE-2026-2216. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com

Managed ad