332 matches found

CVE
added 2025/09/26 12:0 a.m., 13 views

CVE-2025-60251

Unitree Go2, G1, H1, and B2 devices (through 2025-09-20) accept any handshake secret containing the unitree substring, enabling unauthorized access and control. CVSSv3.1 base score 5.0 (Medium) with adjacent attack vector, high attack complexity, and no privileges required. The issue affects the ...

CVSS 5, AI score 6.6, EPSS 0.00019
Exploits 0, References 3
Vulnrichment
added 2025/09/26 12:0 a.m., 1 view

CVE-2025-60251

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring...

CVSS 5, AI score 6.5, EPSS 0.00019
Exploits 0, References 3
CNNVD
added 2025/09/26 12:0 a.m., 1 view

Security vulnerability in multiple Unitree products

Unitree Go2 is a robot dog, Unitree G1 is a humanoid robot, and Unitree H1 is a humanoid robot. A security vulnerability exists in various Unitree products that originates from the acceptance of an arbitrary handshake key containing a substring of unitree. The following products and versions are...

CVSS 5, AI score 6.8, EPSS 0.00019
Exploits 0, References 3
Cvelist
added 2025/09/26 12:0 a.m., 5 views

CVE-2025-60251

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring...

CVSS 5, EPSS 0.00019
Exploits 0, References 3
Tenable Nessus
added 2025/09/26 12:0 a.m., 2 views

Ubuntu 25.04 : PCRE2 vulnerability (USN-7777-1)

The remote Ubuntu 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7777-1 advisory. It was discovered that PCRE2 incorrectly handled the Scan SubString verb. An attacker could possibly use this issue to cause applications using PCRE2 to expose...

CVSS 9.1, AI score 5.6, EPSS 0.00056
Exploits 1, References 2
OpenVAS
added 2025/09/26 12:0 a.m., 2 views

Ubuntu: Security Advisory (USN-7777-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1, AI score 6.8, EPSS 0.00056
Exploits 1, References 2
Ubuntu
added 2025/09/25 1:6 p.m., 2 views

USN-7777-1: PCRE2 vulnerability

It was discovered that PCRE2 incorrectly handled the Scan SubString verb. An attacker could possibly use this issue to cause applications using PCRE2 to expose sensitive information...

CVSS 9.1, AI score 5.3, EPSS 0.00056
Exploits 1
OSV
added 2025/09/25 1:6 p.m., 0 views

USN-7777-1 pcre2 vulnerability

It was discovered that PCRE2 incorrectly handled the Scan SubString verb. An attacker could possibly use this issue to cause applications using PCRE2 to expose sensitive information...

CVSS 9.1, AI score 5.8, EPSS 0.00056
Exploits 1, References 2
RedhatCVE
added 2025/09/21 12:11 a.m., 17 views

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

CVSS 5.4, AI score 6.7, EPSS 0.00059
Exploits 1, References 1
Tenable Nessus
added 2025/09/21 12:0 a.m., 3 views

FreeBSD : PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS (b51a4121-9607-11f0-becf-00a098b42aeb)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b51a4121-9607-11f0-becf-00a098b42aeb advisory. [email protected] reports: The PCRE2 library is a set of C functions that implement regula...

CVSS 9.1, AI score 5.5, EPSS 0.00056
Exploits 1, References 3
Github Security Blog
added 2025/09/19 6:31 a.m., 5 views

@digitalocean/do-markdownit has Type Confusion vulnerability

Overview: A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fenceenvironment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes...

CVSS 9.8, AI score 6.7, EPSS 0.00059
Exploits 1, References 5, Affected Software 1
OSV
added 2025/09/19 4:16 a.m., 2 views

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

CVSS 9.8, AI score 6.8
Exploits 0, References 3
NVD
added 2025/09/19 4:16 a.m., 2 views

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

CVSS 9.8, EPSS 0.00059
Exploits 1, References 3
CNNVD
added 2025/09/19 12:0 a.m., 4 views

do-markdownit security vulnerability

do-markdownit is an open source plugin from DigitalOcean. A security vulnerability exists in do-markdownit 1.16.1 and earlier versions, which stems from the callout and fenceenvironment plugins performing .includes substring matching on allowedClasses or allowedEnvironments, which could lead to a...

CVSS 9.8, AI score 6.3, EPSS 0.00059
Exploits 1, References 4
CVE
added 2025/09/19 12:0 a.m., 10 views

CVE-2025-59717

The CVE concerns the @digitalocean/do-markdownit package (through v1.16.1). The callout and fence_environment plugins treat allowedClasses/allowedEnvironments as strings by using a substring check, instead of requiring an array. This leads to a type confusion-like behavior and potential bypass of...

CVSS 9.8, AI score 6.5, EPSS 0.00059
Exploits 1, References 3, Affected Software 1
Cvelist
added 2025/09/19 12:0 a.m., 5 views

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

CVSS 5.4, EPSS 0.00059
Exploits 1, References 3
Positive Technologies
added 2025/09/19 12:0 a.m., 4 views

PT-2025-38507

Name of the Vulnerable Software and Affected Versions: @digitalocean/do-markdownit versions through 1.16.1. Description: The callout and fence environment plugins in the @digitalocean/do-markdownit package perform .includes substring matching if allowedClasses or allowedEnvironments is a string...

CVSS 9.8, AI score 6.4, EPSS 0.00059
Exploits 1, References 12
OpenVAS
added 2025/09/11 12:0 a.m., 1 view

Erlang/OTP (Erlang OTP) Buffer Read Overflow Vulnerability (Sep 2025) - Windows

Erlang/OTP Erlang OTP is prone to a buffer read overflow vulnerability in the erts component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

CVSS 9.1, AI score 7.1, EPSS 0.00056
Exploits 1, References 1
Microsoft CVE
added 2025/09/04 10:53 a.m., 4 views

Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.

...

CVSS 6.5, AI score 7, EPSS 0.00527
Exploits 1
OSV
added 2025/09/02 4:46 p.m., 1 view

GHSA-MXH2-CCGJ-8635 ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header

Summary: On the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value (e.g., correct username with partial password). This allows access to webserver functionality...

CVSS 8.1, AI score 6.3, EPSS 0.04759
Exploits 1, References 4