CVE-2026-22317

CVE-2026-22317 describes a command injection vulnerability in the device’s Root CA certificate transfer workflow. The issue allows a high-privileged attacker to send crafted HTTP POST requests that lead to arbitrary command execution on the underlying Linux OS with root privileges. The available ...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001872)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001872 advisory. The aiomount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intende...

CVE-2025-34324

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...

EUVD-2015-0934

Malware in sbrugna...

nodejs: code injection and privilege escalation through Linux capabilities

A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAPNETBINDSERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...

Vulnerabilities in processors fixed

Researchers have found vulnerabilities in several processors. The vulnerabilities marked CVE-2020-8694 and CVE-2020-8695 have been named Platypus, an acronym for Power Leakage Attacks: Targeting Your Protected User Secrets. The vulnerabilities allow a local malicious person to obtain obtain...