Lucene search
K

9 matches found

Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

0.00461EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 7:16 a.m.10 views

CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS0.00574EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 6:13 a.m.3 views

CVE-2026-12064 proto-default skips SSH verification

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6.2AI score0.00574EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:13 a.m.12 views

CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

6AI score0.00574EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/07/03 6:13 a.m.28 views

CVE-2026-12064

CVE-2026-12064 describes an issue in curl where using a schemeless URL with --proto-default for SFTP/SCP causes the tool layer to skip SSH security configuration (notably CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS ). The libcurl runtime honors the default protocol and proceeds ...

7.5CVSS6AI score0.00574EPSS
Exploits1References3Affected Software1
Hacker One
Hacker One
added 2026/06/12 2:55 a.m.17 views

curl: CVE-2026-12064: proto-default skips SSH verification

Summary When a user invokes curl with a schemeless URL and --proto-default sftp or scp, the tool layer guesses the URL is HTTP and skips setting SSH security options CURLOPTSSHHOSTPUBLICKEYSHA256, CURLOPTSSHKNOWNHOSTS. However libcurl's runtime correctly applies --proto-default and connects via...

7.5CVSS5.9AI score0.00574EPSS
Exploits1
Amazon
Amazon
added 2026/02/19 12:0 a.m.9 views

Medium: curl

Issue Overview: curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more. CVE-2025-10966 broken TLS options for threaded LDAPS NOTE:...

6.3CVSS5.6AI score0.00679EPSS
Exploits4
OpenVAS
OpenVAS
added 2026/02/03 12:0 a.m.3 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1207)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS5.4AI score0.0039EPSS
Exploits1References2
Amazon
Amazon
added 2026/01/07 12:0 a.m.15 views

Medium: curl

Issue Overview: When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect...

7.5CVSS7.2AI score0.01378EPSS
Exploits4
Rows per page
Query Builder