Multiple vulnerabilities in OpenSSH affect AIX

IBM SECURITY ADVISORY First Issued: Thu May 28 14:09:50 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opensshadvisory21.asc Security Bulletin: Multiple vulnerabilities in OpenSSH affect AIX...

CVE-2026-47269

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb's denyremote feature checks utmpx utaddrv6 to detect whether an authentication request originates from a remote session. The outer guard was if utent-utaddrv60 != 0, which only tests the first...

CVE-2026-47269

CVE-2026-47269 affects pam_usb on Linux. The deny_remote feature checks utmpx ut_addr_v6[0] to identify remote sessions, but IPv4-mapped IPv6 addresses cause the check to fail (ut_addr_v6[0] == 0, while the IPv4 address is in ut_addr_v6[3]), so remote SSH connections can be treated as local. As a...

EUVD-2026-32656

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb's denyremote feature checks utmpx utaddrv6 to detect whether an authentication request originates from a remote session. The outer guard was if utent-utaddrv60 != 0, which only tests the first...

CVE-2026-48064 pam_usb: PAM_RHOST check skipped when deny_remote=false allows XDMCP authentication bypass

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with denyremote=false in pamusb commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions, the PAMRHOST...

QNAP HBS 3 - Broken Access Control

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

VulnCheck KEV: CVE-2026-20182

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...

CVE-2026-1185

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...

CVE-2026-1185

CVE-2026-1185 concerns an issue in Axis devices where a local file system configuration file is not properly validating input, enabling code execution and potential privilege escalation. The vulnerability requires an attacker to log in to the device via SSH, limiting exposure to authenticated acc...

CVE-2026-8244 Industrial Application Software IAS Canias ERP Login RMI improper authentication

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploi...

CVE-2026-8244

CVE-2026-8244 affects Industrial Application Software IAS Canias ERP 8.03, specifically the Login RMI Interface. The vulnerability arises from manipulation of the clientVersion argument, leading to improper authentication. Attacks can be initiated remotely, and exploits are publicly available. Th...

GHSA-8F47-4RH3-X44M Flowise: Bcrypt Password Hash Exposure

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...

[SECURITY] Fedora 42 Update: openssh-9.9p1-14.fc42

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

[SECURITY] Fedora 43 Update: openssh-10.0p1-9.fc43

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

[SECURITY] Fedora 44 Update: openssh-10.2p1-8.fc44

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

EUVD-2026-25211

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user...

CVE-2026-6886 BorG Technology Corporation｜Borg SPM 2007 - Authentication Bypass

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user...

CVE-2026-6886

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user...

CVE-2026-6886

CVE-2026-6886 concerns Borg SPM 2007 (BorG Technology Corporation). The provided records describe an authentication bypass that allows unauthenticated remote attackers to log in as any user. Documents list CRITICAL CVSS scores (4.0: 9.3; 3.1: 9.8) and confirm the vulnerability, but no explicit ro...

CVE-2026-6886 BorG Technology Corporation｜Borg SPM 2007 - Authentication Bypass

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user...