27 matches found
CVE-2026-44423
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...
CVE-2026-44426
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...
CVE-2026-44424
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...
CVE-2026-44423
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...
CVE-2026-44424
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...
CVE-2026-44423
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...
CVE-2026-44423 ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...
CVE-2026-44424 ShellHub: Cross-tenant IDOR in `GET /api/devices/:uid` discloses device data of any namespace
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...
CVE-2026-44426 ShellHub: Cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...
CVE-2026-44426
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...
CVE-2026-44426
ShellHub (CVE-2026-44426) is a cross-tenant IDOR where GET /api/namespaces/:tenant returns the full namespace object (including members, emails, roles, settings, and device counts) to any caller authenticated with an API Key, regardless of the API Key’s tenant scope. Root cause: if the API Key la...
ShellHub 输入验证错误漏洞
ShellHub is an open-source remote device access and management platform developed by ShellHub. Versions of ShellHub prior to 0.24.2 contained a vulnerability related to input validation errors. This vulnerability stemmed from the device list endpoint accepting user-controlled identifiers as...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetDevice process. An attacker can access sensitive device metadata belonging to other tenants by providing a valid device UID and authenticating with any user account. Remediatio...
CVE-2025-59946
NanoMQ MQTT Broker NanoMQ is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2...
CVE-2025-59946
NanoMQ MQTT Broker NanoMQ is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2...
CVE-2025-59946
CVE-2025-59946 affects NanoMQ (NanoMQ) prior to version 0.24.2, due to a data racing issue in the subscription info/list handling that could cause a heap use-after-free crash. The issue has been patched in version 0.24.2. The CVSS vector from the initial entry indicates high severity with network...
EUVD-2025-205461
NanoMQ MQTT Broker NanoMQ is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2...
CVE-2025-59946 NanoMQ has a Use After Free vulnerability via sub info list
NanoMQ MQTT Broker NanoMQ is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2...
CVE-2025-59946 NanoMQ has a Use After Free vulnerability via sub info list
NanoMQ MQTT Broker NanoMQ is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2...
CVE-2025-59946 NanoMQ has a Use After Free vulnerability via sub info list
NanoMQ MQTT Broker NanoMQ is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2...