@hulumi/policies: HULUMI-H1 SecureBucket parent spoof bypass

Impact: @hulumi/policies versions before 1.3.2 could accept spoofed SecureBucket parent evidence for HULUMI-H1, allowing policy evaluation to miss an unsafe bucket shape. Patched in 1.3.2: the validator now correlates evidence to the expected component/resource relationship and includes regressio...

PT-2025-46708

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS versions prior to 11.1.6-h1 PA-Series firewalls VM-Series firewalls Prisma Access software Description A denial-of-service DoS condition exists in Palo Alto Networks PAN-OS software. An unauthenticated attacker can...

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Russian hackers' adoption of artificial intelligence AI in cyber attacks against Ukraine has reached a new level in the first half of 2025 H1 2025, the country's State Service for Special Communications and Information Protection SSSCIP said. "Hackers now employ it not only to generate phishing...

EUVD-2025-31217

Malicious code in bioql PyPI...

EUVD-2022-3538

Malicious code in bioql PyPI...

CVE-2025-60251

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring...

CVE-2025-60017

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...

CVE-2025-35027

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi...

CVE-2025-35027

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi...

CVE-2025-35027

CVE-2025-35027 affects Unitree Go2, G1, H1, and B2 robotic devices sharing a common firmware (MIT Cheetah). It enables command injection by supplying a malicious string during BLE-configured WiFi setup and triggering a WiFi service restart, allowing commands to run as root via the wpa_supplicant_...

CVE-2025-35027 Unitree Multiple Robotic Products Command Injection

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi...

CVE-2025-60251

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...

CVE-2025-60017

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...

Unitree多款产品 安全漏洞

Unitree Go2 is a robot dog, Unitree G1 is a humanoid robot, Unitree H1 is a humanoid robot, Unitree Go2 is a robot dog, Unitree G1 is a humanoid robot, Unitree H1 is a humanoid robot, Unitree H1 is a humanoid robot. A security vulnerability exists in several Unitree products, which stems from an ...

CVE-2025-60251

Unitree Go2, G1, H1, and B2 devices (through 2025-09-20) accept any handshake secret containing the unitree substring, enabling unauthorized access and control. CVSSv3.1 base score 5.0 (Medium) with adjacent attack vector, high attack complexity, and no privileges required. The issue affects the ...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...

CVE-2025-60017

CVE-2025-60017 affects Unitree Go2, G1, H1 and B2 devices through 2025-09-20. The root cause is a command injection in the hostapd_restart.sh flow, triggered by crafted values for wifi_ssid or wifi_pass used by restart_wifi_ap and restart_wifi_sta. This leads to potential root-level command execu...