CVE-2026-2330 CVE-2026-2330

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...

CVE-2026-27509

Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 EDU do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programmingactuator/request handled by actuatormanager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publi...

EUVD-2025-35894

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...

CVE-2025-34502

The CVE-2025-34502 entry affects Deck Mate 2 by lacking a verified secure-boot chain and runtime integrity validation for its controller and display modules. This allows a physically proximate attacker to modify or replace the bootloader, kernel, or filesystem, enabling persistent code execution ...

EUVD-2024-18074

Malicious code in bioql PyPI...

rc.local Persistence

This module will edit /etc/rc.local in order to persist a payload. The payload will be executed on the next reboot. Verified on Ubuntu 18.04.3 Module Options msf use exploit/linux/persistence/rclocal msf exploitrclocal show targets ...targets... msf exploitrclocal set TARGET msf exploitrclocal sh...

PT-2025-32555

Name of the Vulnerable Software and Affected Versions: Lenovo 510 FHD Webcam versions prior to 4.8.0 Lenovo Performance FHD Webcam versions prior to 4.8.0 Description: Linux webcams can be compromised and become a persistent malware vector. The flaw allows for re-infection even after an operating...

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure

CISA has published a Malware Analysis Report MAR with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA1link is external malware variant, including surviving reboots; however, RESURGE contains...

PT-2024-7503 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the VPN web server of the software could allow an...

kernel: LoadPin bypass via dm-verity table reload

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...