Lucene search
K

76 matches found

curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

proto-default skips SSH verification

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.00208EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2026/06/24 8:0 a.m.9 views

CURL-CVE-2026-12064 proto-default skips SSH verification

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.00208EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:46 p.m.2 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00182EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/22 12:46 p.m.8 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00182EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 9:34 a.m.31 views

CVE-2026-45361

CVE-2026-45361 affects the Apache Airflow Google provider: ComputeEngineSSHHook disables SSH host-key verification by default, allowing an attacker on-path to intercept or modify SSH sessions between an Airflow worker and a Compute Engine VM. The vulnerability is tied to the ComputeEngineSSHHook ...

8.1CVSS5.8AI score0.0059EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/25 9:34 a.m.49 views

CVE-2026-45361 Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default)

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

0.0059EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 3:40 p.m.7 views

CVE-2026-44467 Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS6AI score0.00135EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 12:16 a.m.10 views

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

9.1CVSS0.00447EPSS
Exploits3References3
CVE
CVE
added 2026/02/18 11:5 p.m.34 views

CVE-2026-24126

CVE-2026-24126 (Weblate) : The SSH host-key management endpoint accepts the admin-supplied host value and forwards it to ssh-keyscan without validation, enabling argument injection and potential arbitrary local-file read by the web server user. Affected: Weblate versions ≤ 5.15.2; Impact: read se...

9.1CVSS5.5AI score0.00447EPSS
Exploits3References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:29 p.m.15 views

CVE-2023-40236

In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass...

5.3CVSS7.2AI score0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.7 views

CVE-2019-16546

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...

5.9CVSS6.7AI score0.00868EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-5103

Malware in sbrugna...

7.5CVSS6.4AI score0.01867EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2018-0009

Malware in sbrugna...

7.4CVSS7.3AI score0.01963EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-2955

Malware in sbrugna...

7.1CVSS4.9AI score0.00354EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-0038

Malware in sbrugna...

9.3CVSS6.1AI score0.01824EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-2188

Malware in sbrugna...

5.9CVSS5.7AI score0.01394EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-44833

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00387EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4923

Malicious code in bioql PyPI...

6.8CVSS5.9AI score0.00694EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-52258

Malicious code in bioql PyPI...

8.1CVSS8AI score0.00443EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5238

Malicious code in bioql PyPI...

7.4CVSS7.4AI score0.0057EPSS
Exploits0References5
Rows per page
Query Builder