Lucene search
K

294 matches found

RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-59996

A flaw was found in OpenSSH, a widely used tool for secure remote access. When a user attempts to copy files between two different remote systems using the scp command, the file might be incorrectly placed in a directory above the intended destination. This unintended file placement could lead to...

5.4CVSS6AI score0.00241EPSS
Exploits0References6
OSV
OSV
added 6 days ago5 views

DEBIAN-CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

5.4CVSS6AI score0.00241EPSS
Exploits0References1
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

5.4CVSS6AI score0.00177EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/07/06 7:19 p.m.4 views

CVE-2026-9547

A flaw was found in curl. When a libcurl-based application uses SCP:// or SFTP:// for transfers and employs the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This occurs if the server's host key type differs from the one stored in the knownhosts file. The callback...

7.4CVSS5.8AI score0.00508EPSS
Exploits1References6
NVD
NVD
added 2026/07/06 4:16 p.m.9 views

CVE-2026-5268

An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation...

9.1CVSS0.0042EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 3:25 p.m.6 views

EUVD-2026-41884

An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation...

9.1CVSS6AI score0.0042EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55943

Name of the Vulnerable Software and Affected Versions Ciena products affected versions not specified Description An authentication bypass exists in the default SFTP server component. This allows a remote, unauthenticated attacker to circumvent security controls and gain unauthorized access to the...

9.1CVSS6.1AI score0.0042EPSS
Exploits0References6
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS6AI score0.00508EPSS
Exploits1References1
OSV
OSV
added 2026/07/03 7:16 a.m.3 views

ALPINE-CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.00574EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/07/03 6:18 a.m.50 views

CVE-2026-9547 SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

0.00508EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:18 a.m.40 views

CVE-2026-9547

The CVE-2026-9547 issue affects libcurl when performing SCP/SFTP transfers with CURLOT_SSH_KEYFUNCTION in the SSH key callback. A host-key type mismatch for a known_hosts entry may be silently accepted, bypassing the intended validation and allowing connections to succeed without warning, which e...

7.4CVSS6AI score0.00508EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:13 a.m.11 views

CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

6AI score0.00574EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/07/03 6:13 a.m.8 views

EUVD-2026-41502

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

6AI score0.00574EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/03 6:13 a.m.59 views

CVE-2026-12064 proto-default skips SSH verification

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

0.00574EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:13 a.m.15 views

CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.00574EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53422

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and...

4.3CVSS6.1AI score0.00262EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 4:6 p.m.7 views

EUVD-2026-41413

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...

5.3CVSS6AI score0.0033EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 4:6 p.m.9 views

CVE-2026-54886

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...

5.3CVSS6AI score0.0033EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/07/02 4:6 p.m.5 views

CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...

5.3CVSS6.1AI score0.0033EPSS
Exploits0References9
OSV
OSV
added 2026/07/02 4:6 p.m.3 views

EEF-CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop

Summary Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh ssh\sftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle\data/4 function in ssh\sftpd contains a catch-all clause that accepts channel data of any...

5.3CVSS6AI score0.0033EPSS
Exploits0References4
Rows per page
Query Builder