Aggregator

Waymo 部分远程操作人员位于菲律宾

Solidot
4 months 2 weeks ago
在美国国会自动驾驶汽车安全和监管听证会上,Waymo 首席安全官 Mauricio Peña 披露该公司的部分远程操作人员位于菲律宾。当自动驾驶汽车遭遇它无法自己解决的驾驶情况时怎么办?汽车会联络公司,与远程操作人员进行通信,远程操作人员并不会远程驾驶汽车,而是提供指导,动态的驾驶任务仍然由汽车自身负责。Mauricio Peña 博士表示部分远程操作人员位于美国,还有部分位于菲律宾。Waymo 解释说,远程操作员工都是持有驾照的司机,会接受与驾驶相关的犯罪记录和其它交通违规行为的审查,还会“接受随机的毒品检测”。

CVE-2026-2083 | code-projects Social Networking Site 1.0 /delete_post.php ID sql injection (EUVD-2026-5730)

Vuldb Updates
4 months 2 weeks ago
A vulnerability marked as critical has been reported in code-projects Social Networking Site 1.0. This affects an unknown function of the file /delete_post.php. Performing a manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-2083. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-2080 | UTT HiPER 810 1.7.4-141218 /goform/formUser setSysAdm passwd1 command injection (EUVD-2026-5733)

Vuldb Updates
4 months 2 weeks ago
A vulnerability was found in UTT HiPER 810 1.7.4-141218. It has been rated as critical. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. This vulnerability is referenced as CVE-2026-2080. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-2086 | UTT HiPER 810G up to 1.7.7-171114 Management Interface /goform/formFireWall strcpy GroupName buffer overflow (EUVD-2026-5727)

Vuldb Updates
4 months 2 weeks ago
A vulnerability classified as critical was found in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer overflow. This vulnerability is reported as CVE-2026-2086. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-40166 | Linux Kernel up to 6.12.54/6.17.4/6.18-rc1 exec_destroy state issue (Nessus ID 275228 / WID-SEC-2025-2579)

Vuldb Updates
4 months 2 weeks ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.12.54/6.17.4/6.18-rc1. This impacts the function exec_destroy. Performing a manipulation results in state issue. This vulnerability is identified as CVE-2025-40166. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-40167 | Linux Kernel up to 6.18-rc1 ext4 ext4_es_cache_extent infinite loop (Nessus ID 275225 / WID-SEC-2025-2579)

Vuldb Updates
4 months 2 weeks ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.18-rc1. Affected by this issue is the function ext4_es_cache_extent of the component ext4. Executing a manipulation can lead to infinite loop. This vulnerability is handled as CVE-2025-40167. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.
vuldb.com

Week in review: Notepad++ supply chain attack details and targets, Patch Tuesday forecast

Help Net Security
4 months 2 weeks ago

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Global Threat Map: Open-source real-time situational awareness platform Global Threat Map is an open-source project offering security teams a live view of reported cyber activity across the globe, pulling together open data feeds into a single interactive map. It visualizes indicators such as malware distribution, phishing activity, and attack traffic by geographic region. How state-sponsored attackers hijacked Notepad++ updates Suspected … More →

The post Week in review: Notepad++ supply chain attack details and targets, Patch Tuesday forecast appeared first on Help Net Security.

Help Net Security

Pear

Dark Feed IO
4 months 2 weeks ago

You must login to view this content

cohenido

CVE-2026-2216 | rachelos WeRSS we-mp-rss up to 1.4.8 apis/tools.py download_export_file filename path traversal

VulDB Recent Entries
4 months 2 weeks ago
A vulnerability classified as critical was found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. This vulnerability is tracked as CVE-2026-2216. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com

CVE-2026-2215 | rachelos WeRSS we-mp-rss up to 1.4.8 JWT core/auth.py SECRET_KEY default key

VulDB Recent Entries
4 months 2 weeks ago
A vulnerability classified as problematic has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. This vulnerability is identified as CVE-2026-2215. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

Managed ad