Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002870)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002870 advisory. The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to...
EUVD-2007-6184
Malware in sbrugna...
EUVD-2023-41730
Malicious code in bioql PyPI...
EUVD-2023-54032
Malicious code in bioql PyPI...
EUVD-2023-41729
Malicious code in bioql PyPI...
CVE-2024-12079
ECOVACS robot lawnmowers are affected by CVE-2024-12079 due to storing the anti-theft PIN in cleartext on the device filesystem. This allows a local attacker to read the PIN and reset the anti-theft mechanism, enabling theft or circumvention of anti-theft protections. The available sources confir...
PT-2025-1745 · Ecovacs · Ecovacs Robot Lawnmowers
Name of the Vulnerable Software and Affected Versions: ECOVACS robot lawnmowers affected versions not specified Description: The issue concerns the storage of the anti-theft PIN in cleartext on the device filesystem. This allows an attacker to steal a lawnmower, read the PIN, and reset the...
kernel: USB: core: Make do_proc_control() and do_proc_bulk() killable
In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable. The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large...
CVE-2023-37856
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser...
CVE-2023-37856
PHOENIX CONTACT WP 6xxx series web panels are affected by CVE-2023-37856 (pre-4.0.10). A low-privilege remote attacker can gain read-access to the device file system via a configuration dialog in the embedded Qt browser. Affected product: WP 6xxx web panels; vulnerable versions: prior to 4.0.10. ...
PT-2023-4514 · Phoenix Contact +1 · Phoenix Contact Wp 6Xxx Series Web Panels +1
Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10 Description: A remote attacker with low privileges can gain limited read-access to the device-filesystem within the embedded Qt browser. The issue is related to errors in...
Cisco Identity Services Engine Arbitrary File Download Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker cou...
CVE-2022-40177
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...
CVE-2021-42753
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability (CWE-22) in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in...
Design/Logic Flaw
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious...
PT-2016-5973 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.7. Description: The issue concerns the proc_connectinfo function in the Linux kernel, which fails to initialize a certain data structure. This allows local users to obtain sensitive information from kernel stac...