249 matches found
CVE-2026-7598
A flaw was found in the libssh2 library. A remote attacker can exploit an integer overflow vulnerability in the userauthpassword function by manipulating the usernamelen or passwordlen arguments and cause a heap-based buffer overflow. This leads to a crash to the application linked to the library...
JLSEC-2026-431 When doing SSH-based transfers using either SCP or SFTP, and asked to do public key...
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...
CVE-2026-40344
MinIO is affected by an authentication bypass in the Snowball auto-extract handler (PutObjectExtractHandler) prior to RELEASE.2026-04-11T03:20:12Z. An attacker with a valid access key (including the default minioadmin or any key with WRITE on a bucket) can write arbitrary objects to any bucket wi...
CVE-2026-5652
CVE-2026-5652 affects Crafty Controller’s Users API component, enabling an authenticated remote attacker to perform user modification actions due to improper API permissions validation. Reported CVSS 3.1 base score 9.0 (CRITICAL) with network attack vector, low attack complexity, high confidentia...
Honeywell Handheld Scanners 安全漏洞
Honeywell Handheld Scanners are barcode scanning devices produced by the American company Honeywell. There is a security vulnerability present in Honeywell Handheld Scanners, which stems from the lack of key function authentication. This vulnerability could allow remote attackers to execute syste...
CLSA-2026-1773653586 curl: Fix of CVE-2025-15224
CVE-2025-15224: fix libssh public-key auth fallback to SSH agent...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2026-1331)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP,...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2026-1355)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally an...
EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2026-1532)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that...
CLSA-2026-1773412568 Fix CVE(s): CVE-2025-15224
SECURITY UPDATE: unexpected SSH agent authentication during public-key SSH- based transfers - debian/patches/CVE-2025-15224.patch: Require private key or SSH agent for public-key authentication; prevent attempted public-key auth when neither private key nor agent present; fix missing check that...
CLSA-2026-1773405854 curl: Fix of CVE-2025-15224
CVE-2025-15224: fix libssh public-key auth fallback to SSH agent...
CVE-2026-23601
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...
EUVD-2026-9413
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...
CVE-2026-20009
The vulnerability CVE-2026-20009 affects Cisco Secure Firewall ASA Software and stems from insufficient validation during SSH authentication in the proprietary SSH stack. An unauthenticated, remote attacker could log in to an ASA device as a specific user without the user’s private key, provided ...
CVE-2026-23601 Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...
CVE-2026-23601 Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...
CLSA-2026-1771664389 curl: Fix of 2 CVEs
CVE-2025-14524: fix OAuth2 bearer token leak on cross-protocol redirect - CVE-2025-15224: fix libssh public-key auth fallback to SSH agent...
CVE-2026-23892 OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...
OESA-2026-1195 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...
OESA-2026-1193 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...