Aggregator

CVE-2026-6369 | Canonical canonical-livepatch up to 10.14.x Livepatch Service livepatchd.sock missing authentication

VulDB Recent Entries
1 month 4 weeks ago
A vulnerability was found in Canonical canonical-livepatch up to 10.14.x. It has been classified as critical. This issue affects some unknown processing of the file livepatchd.sock of the component Livepatch Service. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2026-6369. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-34427 | givanz Vvveb up to 1.0.8.0 Plugin Upload dynamically-determined object attributes

VulDB Recent Entries
1 month 4 weeks ago
A vulnerability was found in givanz Vvveb up to 1.0.8.0 and classified as critical. This vulnerability affects unknown code of the component Plugin Upload Handler. Executing a manipulation can lead to dynamically-determined object attributes. This vulnerability is handled as CVE-2026-34427. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-4048 | Progress LoadMaster prior 7.2.63.0 UI command injection

VulDB Recent Entries
1 month 4 weeks ago
A vulnerability has been found in Progress LoadMaster, ECS Connections Manager, Object Scale Connection Manager and MOVEit WAF and classified as critical. This affects an unknown part of the component UI. Performing a manipulation results in command injection. This vulnerability is known as CVE-2026-4048. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2026-3519 | Progress LoadMaster prior 7.2.63.0 API command injection

VulDB Recent Entries
1 month 4 weeks ago
A vulnerability, which was classified as critical, was found in Progress LoadMaster, ECS Connections Manager, Object Scale Connection Manager and MOVEit WAF. Affected by this issue is some unknown functionality of the component API. Such manipulation leads to command injection. This vulnerability is traded as CVE-2026-3519. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-3518 | Progress LoadMaster prior 7.2.63.0 API command injection

VulDB Recent Entries
1 month 4 weeks ago
A vulnerability, which was classified as critical, has been found in Progress LoadMaster, ECS Connections Manager, Object Scale Connection Manager and MOVEit WAF. Affected by this vulnerability is an unknown functionality of the component API. This manipulation causes command injection. This vulnerability appears as CVE-2026-3518. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-3517 | Progress LoadMaster prior 7.2.63.0 API command injection

VulDB Recent Entries
1 month 4 weeks ago
A vulnerability classified as critical was found in Progress LoadMaster, ECS Connections Manager, Object Scale Connection Manager and MOVEit WAF. Affected is an unknown function of the component API. The manipulation results in command injection. This vulnerability is reported as CVE-2026-3517. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2026-5760 | sglang 0.59 Reranking Endpoint /v1/rerank jinja2.Environment special elements used in a template engine

VulDB Recent Entries
1 month 4 weeks ago
A vulnerability classified as critical has been found in sglang 0.59. This impacts the function jinja2.Environment of the file /v1/rerank of the component Reranking Endpoint. The manipulation leads to improper neutralization of special elements used in a template engine. This vulnerability is documented as CVE-2026-5760. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

Attackers Turn QEMU Into a Stealth Backdoor for Credential Theft and Ransomware

Cyber Security News
1 month 4 weeks ago

Threat actors are now weaponizing QEMU, a legitimate open-source machine emulator and virtualizer, as a covert backdoor to steal credentials and deliver ransomware without triggering endpoint security alerts. This alarming shift in attacker behavior highlights how freely available, trusted software tools are being twisted into powerful evasion weapons inside enterprise environments. QEMU, which is widely […]

The post Attackers Turn QEMU Into a Stealth Backdoor for Credential Theft and Ransomware appeared first on Cyber Security News.

Tushar Subhra Dutta

Ten Great Cybersecurity Job Opportunities

Security Boulevard
1 month 4 weeks ago

Security Boulevard is now providing a weekly cybersecurity jobs report through which opportunities for cybersecurity professionals will be highlighted as part of an effort to better serve our audience. Our goal in these challenging economic times is to make it just that much easier for cybersecurity professionals to advance their careers. Of course, the pool..

The post Ten Great Cybersecurity Job Opportunities appeared first on Security Boulevard.

Michael Vizard

从 2027 年起欧盟销售的智能手机和平板必须能更换电池

Solidot
1 month 4 weeks ago
根据欧盟的新规定,从 2027 年起欧洲销售的智能手机和平板电脑必须配备可更换电池。此举旨在减少电子垃圾。欧盟地区每年售出约 1.5 亿部智能手机和 2400 万台平板电脑,相当于每年产生约 500 万吨电子垃圾,只有不到四成的电子垃圾被妥善回收。强制电池可更换的规定于 2027 年 2 月 18 日生效,它还规定任何便捷式电子产品的替换电池必须在产品最后一台投放市场后至少五年内继续供应。电池必须能由消费者自行替换,如果需要专用工具则必须在出售时免费提供。欧盟的新规定还要求操作系统的更新必须持续至少五年。

20th April – Threat Intelligence Report

Check Point Research
1 month 4 weeks ago

For the latest discoveries in cyber research for the week of 20th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Booking.com, the Amsterdam-based travel platform, has confirmed a data breach after unauthorized parties accessed reservation data linked to some customers. Exposed information included names, email addresses, phone numbers, physical addresses, and booking […]

The post 20th April – Threat Intelligence Report appeared first on Check Point Research.

urias

诺奖得主对人类再生存 50 年感到悲观

Solidot
1 month 4 weeks ago
美国理论物理学家 David Gross 因与学生 Frank Anthony Wilczek 发现了量子色动力学中的渐近自由而在 2004 年共同获得诺贝尔物理学奖,2026 年 4 月 18 日他因为其一生对理论物理学的开创性贡献而获得了基础物理学突破奖的特别奖,获得了 300 万美元奖金。他在接受采访时被问到理论物理学是否可能在 50 年内实现大一统时表示,人类能再生存 50 年的概率非常小。他说,人类每年爆发核战争的概率大约为 2%,过去十年大国之间没有签署任何条约,人类正陷入一场惊人的军备竞赛。最近的一系列事件都增加了核战争的风险,2% 的概率已是保守估计了。当今世界有 9 个拥有核武器的国家,其中三个是核超级大国,情况比两个核大国复杂得多,国家之间的协议和规范都在瓦解。他认为人类能再生存一百年的概率微乎其微,再生存两百年的概率更是趋向于无限小了。所以费米提出的“银河系所有文明所有智慧生命都去哪里?为什么不与人类交流?”的悖论的答案是它们已经自我毁灭了。

Akira

Dark Feed IO
1 month 4 weeks ago

You must login to view this content

cohenido

Managed ad