Lucene search
+L

32 matches found

cvelist
cvelist
added 2026/07/07 9:18 p.m.26 views

CVE-2026-55418 FastGPT: S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)

FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...

8.6CVSS0.00299EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/07/06 7:19 p.m.5 views

CVE-2026-9547

A flaw was found in curl. When a libcurl-based application uses SCP:// or SFTP:// for transfers and employs the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This occurs if the server's host key type differs from the one stored in the knownhosts file. The callback...

7.4CVSS5.8AI score0.00508EPSS
Exploits1References6
osv
osv
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS6AI score0.00508EPSS
Exploits1References1
cve
cve
added 2026/07/03 6:18 a.m.55 views

CVE-2026-9547

The CVE-2026-9547 issue affects libcurl when performing SCP/SFTP transfers with CURLOT_SSH_KEYFUNCTION in the SSH key callback. A host-key type mismatch for a known_hosts entry may be silently accepted, bypassing the intended validation and allowing connections to succeed without warning, which e...

7.4CVSS6AI score0.00508EPSS
Exploits1References3Affected Software1
euvd
euvd
added 2026/07/03 6:18 a.m.8 views

EUVD-2026-41495

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

6AI score0.00508EPSS
Exploits1References3
redhat
redhat
added 2026/07/02 3:43 p.m.3 views

curl: curl: Man-in-the-middle attack via SSH host key bypass

A flaw was found in curl. When a libcurl-based application uses SCP:// or SFTP:// for transfers and employs the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This occurs if the server's host key type differs from the one stored in the knownhosts file. The callback...

7.4CVSS6AI score0.00508EPSS
Exploits1References7
osv
osv
added 2026/06/24 2:0 p.m.7 views

UBUNTU-CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS5.9AI score0.00508EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.13 views

PT-2026-51756

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description Applications using libcurl for transfers via SCP:// or SFTP:// that utilize the CURLOPT SSH KEYFUNCTION callback may silently accept an untrusted server. This occurs when a server presents a...

9.8CVSS5.8AI score0.01064EPSS
Exploits4References69
hackerone
hackerone
added 2026/05/20 7:40 p.m.10 views

curl: CVE-2026-9547: SSH improper host validation

Hi all, We've found an issue in lib/vssh/libssh.c where the libssh backend maps SSHKNOWNHOSTSOTHER to CURLKHMATCHMISSING instead of CURLKHMATCHMISMATCH. libssh documents SSHKNOWNHOSTSOTHER as "The server gave us a key of a type while we had another type recorded. It is a possible attack."...

7.4CVSS5.8AI score0.00508EPSS
Exploits1
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in libssh

A flaw was discovered in the abstract layer of the libssh library responsible for message digest MD operations, which is implemented by different supported crypto backends. The return values from these operations were not properly checked, which could lead to low-memory situations, NULL...

5.3CVSS6.6AI score0.01421EPSS
Exploits0References2
susecve
susecve
added 2026/04/25 1:36 a.m.8 views

SUSE CVE-2026-31666

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect return value after changing leaf in lookupextentdataref After commit 1618aa3c2e01 "btrfs: simplify return variables in lookupextentdataref", the err and ret variables were merged into a single ret variable...

5.5CVSS5.5AI score0.0012EPSS
Exploits0References5
cvelist
cvelist
added 2026/04/24 2:45 p.m.36 views

CVE-2026-31666 btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref()

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect return value after changing leaf in lookupextentdataref After commit 1618aa3c2e01 "btrfs: simplify return variables in lookupextentdataref", the err and ret variables were merged into a single ret variable...

7.8CVSS0.0012EPSS
Exploits0References4
osv
osv
added 2026/04/24 2:45 p.m.2 views

CVE-2026-31666 btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref()

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect return value after changing leaf in lookupextentdataref After commit 1618aa3c2e01 "btrfs: simplify return variables in lookupextentdataref", the err and ret variables were merged into a single ret variable...

7.8CVSS6AI score0.0012EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/02/08 1:21 a.m.6 views

CVE-2026-25641

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is...

10CVSS5.4AI score0.00489EPSS
Exploits1References1
nvd
nvd
added 2026/02/06 8:16 p.m.12 views

CVE-2026-25641

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is...

10CVSS0.00489EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/02/06 7:50 p.m.5 views

CVE-2026-25641

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is...

10CVSS5.4AI score0.00489EPSS
Exploits1References4Affected Software1
euvd
euvd
added 2026/02/06 7:50 p.m.6 views

EUVD-2026-5589

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is...

10CVSS5.4AI score0.00489EPSS
Exploits1References3
osv
osv
added 2026/02/06 7:50 p.m.9 views

CVE-2026-25641 SandboxJS has a sandbox escape via TOCTOU bug on keys in property accesses

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is...

10CVSS5.4AI score0.00489EPSS
Exploits1References5
almalinux
almalinux
added 2025/09/10 12:0 a.m.7 views

Important: python3.12-cryptography security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS6.8AI score0.00831EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/05/22 5:52 p.m.10 views

CVE-2020-16088

iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches...

9.8CVSS7.3AI score0.02418EPSS
Exploits1
Rows per page
Query Builder