Lucene search
K

15071 matches found

Debian CVE
Debian CVE
added 2026/06/28 1:32 a.m.5 views

CVE-2026-58051

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS5.8AI score0.0028EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/27 7:12 p.m.14 views

Malicious code in ts-ankle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/27 7:12 p.m.13 views

MAL-2026-6548 Malicious code in ts-ankle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

5.8AI score
Exploits0References2
Fedora
Fedora
added 2026/06/27 1:12 a.m.8 views

[SECURITY] Fedora 44 Update: openbao-2.5.5-1.fc44

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/06/27 12:56 a.m.6 views

[SECURITY] Fedora 43 Update: openbao-2.5.5-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/26 10:53 p.m.8 views

pnpm: Git Fetch Argument Injection via Lockfile resolution.commit

Summary pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-character commit hash with a Git option such as...

7.3CVSS6AI score0.0018EPSS
Exploits1References3Affected Software1
Hacker One
Hacker One
added 2026/06/26 2:17 p.m.46 views

curl: ssh_config_matches is dead code: unauthorized SSH key reuse

Summary libcurl's SSH connection-reuse guard sshconfigmatches — added for CVE-2022-27782 and reaffirmed by CVE-2023-27538 — is dead code in every release since 7.83.1. It compares sshc-rsa / sshc-rsapub between a new transfer "needle" and a pooled connection, but on both sides those pointers are...

7.7CVSS6.7AI score0.02596EPSS
Exploits2
OSV
OSV
added 2026/06/26 2:16 p.m.8 views

MAL-2026-6524 Malicious code in ts-einkle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa992a8f9afcf95d3c0e35b6abc290ff565b450663f6d43511467cd370eefce8 [email protected] ships a comprehensive installer-side stealer in its main module peer-math.js. On require, syncSession runs a chain packProjectBundle,...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/06/26 12:3 p.m.6 views

RLSA-2026:29455 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS6.8AI score0.00621EPSS
Exploits0References7
OSV
OSV
added 2026/06/26 8:29 a.m.2 views

SUSE-SU-2026:22376-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260264. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allo...

10CVSS6.7AI score0.00533EPSS
Exploits1References21
OSV
OSV
added 2026/06/26 8:17 a.m.4 views

OPENSUSE-SU-2026:21069-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260264. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allo...

10CVSS6.7AI score0.00533EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.7 views

RockyLinux 9 : buildah (RLSA-2026:29455)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29455 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...

9.1CVSS5.9AI score0.00621EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.14 views

Curl 7.81.0 < 8.21.0 Proto-Default Skips SSH Verification

The version of curl installed on the remote host is 7.81.0 prior to 8.21.0. It is, therefore, affected by an improper host validation vulnerability: - When a user invokes curl using a schemeless URL combined with --proto-default sftp, a disconnect occurs that erroneously bypasses the initializati...

7.5CVSS6AI score0.00574EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

SUSE SLES16 Security Update : mcphost (SUSE-SU-2026:22193-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22193-1 advisory. This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506:...

10CVSS5.9AI score0.00781EPSS
Exploits0References45
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.6 views

SUSE SLES15 Security Update : apptainer (SUSE-SU-2026:2609-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2609-1 advisory. This update for apptainer fixes the following issues - CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for...

10CVSS7.2AI score0.00781EPSS
Exploits1References46
OSV
OSV
added 2026/06/25 10:18 p.m.3 views

GHSA-W879-237Q-WC7R golang.org/x/crypto: Invoking pathological RSA/DSA parameters may cause DoS

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS6.4AI score0.00415EPSS
Exploits0References34
OSV
OSV
added 2026/06/25 10:18 p.m.3 views

GHSA-VGWF-H737-FF37 golang.org/x/crypto: Invoking client can cause server deadlock on unexpected responses

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

9.1CVSS6AI score0.00533EPSS
Exploits0References30
EUVD
EUVD
added 2026/06/25 10:18 p.m.11 views

EUVD-2026-31397

golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses...

9.1CVSS5.8AI score0.00533EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/25 10:15 p.m.13 views

EUVD-2026-31392

golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/25 10:15 p.m.8 views

golang.org/x/crypto is vulnerable to invoking server panic during CheckHostKey/Authenticate flow

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

7.5CVSS6AI score0.00394EPSS
Exploits0References29Affected Software1
Rows per page
Query Builder