CVE-2025-60892

An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's idrsa.pub key from their local Windows machine to the authorizedkeys file on the Raspberry Pi, even after the user...

CVE-2025-60892

The CVE-2025-60892 issue affects Raspberry Pi Imager for Windows (1.9.6) where the OS customization feature’s public-key authentication setting unintentionally re-adds a local id_rsa.pub to the Pi’s authorized_keys file, even after users delete it in the UI. This creates an unintended attack surf...

EUVD-2025-37486

An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's idrsa.pub key from their local Windows machine to the authorizedkeys file on the Raspberry Pi, even after the user...

PT-2025-44765

Name of the Vulnerable Software and Affected Versions Raspberry Pi Imager version 1.9.6 Description An issue exists in the OS customization feature of Raspberry Pi Imager. The 'public-key authentication' setting unintentionally re-adds a user's id rsa.pub key from their local Windows machine to t...

synapse 安全漏洞

synapse is a matrix master server from Element open source. A security vulnerability exists in synapse versions prior to 1.138.3 and 1.139.0, which stems from a missing device key authentication and could lead to degradation of federation functionality...

EUVD-2001-1562

Malware in sbrugna...

EUVD-2001-1150

Malware in sbrugna...

EUVD-2005-2771

Malware in sbrugna...

EUVD-2005-2330

Malware in sbrugna...

EUVD-2012-0943

Malware in sbrugna...

EUVD-2013-0725

Malware in sbrugna...

vLLM 安全漏洞

vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A security vulnerability exists in versions prior to vLLM 0.11.0rc2, which stems from a timing attack vulnerability in the API key authentication method that could lead to authentication bypass...

EUVD-2024-42277

Malicious code in bioql PyPI...

EUVD-2023-2773

Malicious code in bioql PyPI...

EUVD-2025-14242

Malicious code in bioql PyPI...

EUVD-2024-27365

Malicious code in bioql PyPI...

Do Not Preset authorized_keys for the SSH Service

authorizedkeys specifies the public key of the remote host. You can store the public key in the $HOME/.ssh/authorizedkeys file in the home directory for public key authentication. Then you can directly log in to the system. If authorizedkeys is preset in the system and public and private key...

Linux Distros Unpatched Vulnerability : CVE-2007-2243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to...

Meshtastic 授权问题漏洞

Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. An authorization issue vulnerability exists in Meshtastic versions prior to 2.6.3, which stems from bypassing public key authentication and could lead to malicious key overwriting...

SUSE CVE-2023-42818

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...