Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014329 advisory. In the Linux kernel, the following vulnerability has been resolved: USB: gadget: grudc: fix memory leak with using debugfslookup When calling debugfslookup the resul...

MINI-VCH6-P5X8-GR6X

Bulletin has no description...

CVE-2026-28416

A flaw was found in Gradio, an open-source Python package for rapid prototyping. A remote attacker can exploit a Server-Side Request Forgery SSRF vulnerability by hosting a malicious Gradio Space. When a victim application uses gr.load to load this attacker-controlled Space, a malicious proxyurl...

Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing

Summary A Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses gr.load to load an attacker-controlled Space, the malicious proxyurl from the config is...

CVE-2026-28416 Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...

CVE-2022-37067

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanParamsMulti...

CVE-2022-37072

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanLinkspyMulti...

CVE-2022-37068

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateMacCloneFinal...

CVE-2022-37073

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanModeMulti...

CVE-2019-25259

CVE-2019-25259 affects Leica Geosystems GR10/GR25/GR30/GR50 GNSS software (version 4.30.063). The vulnerability is a cross-site request forgery that allows attackers to trigger administrative actions without proper request validation by tricking authenticated users into submitting malicious reque...

PT-2026-1672

Name of the Vulnerable Software and Affected Versions Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 Description The software contains a cross-site request forgery issue that could allow attackers to perform administrative actions without proper validation of requests. Attackers can...

MAL-2025-191562 Malicious code in @gr-exports/head (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6888eb30baaf533b512a0914e8563b29f47351f0154432f6c09fc209656ba10 The package @gr-exports/head was found to contain malicious code...

Malicious code in @gr-exports/head (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6888eb30baaf533b512a0914e8563b29f47351f0154432f6c09fc209656ba10 The package @gr-exports/head was found to contain malicious code...

Malicious code in @gr-exports/body (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1ec75ab55ea86ba356e8f21309eb966c00366a526e9737edd15248594209f89 The package @gr-exports/body was found to contain malicious code...

MAL-2025-191561 Malicious code in @gr-exports/body (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1ec75ab55ea86ba356e8f21309eb966c00366a526e9737edd15248594209f89 The package @gr-exports/body was found to contain malicious code...

Malicious code in @gr-exports/async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8832eae90b7d3651b42c92dfd4d5c51fa5766d1e571fab494f073a6389b3aa1 The package @gr-exports/async was found to contain malicious code...

Malicious code in @gr-common/async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec1bf5b6b7e2fd480a24ad41a4ab335d9b6abbc762aec4bcc7a15e5529a0e41c The package @gr-common/async was found to contain malicious code...

MAL-2025-191559 Malicious code in @gr-common/async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec1bf5b6b7e2fd480a24ad41a4ab335d9b6abbc762aec4bcc7a15e5529a0e41c The package @gr-common/async was found to contain malicious code...

EUVD-2025-144689

Malicious code in apasih-merahdd-gr npm...

MAL-2025-155349 Malicious code in gr-nutr-sdaf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dbc195bc1405e4bac620decabb079bd1dbba43bce25f06d0c8ebc48094ebd80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...