2322 matches found
EUVD-2026-24969
mkfifo: permissions of an existing file are changed after FIFO creation fails...
CVE-2026-34167
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's Locked attribute. It loads activities via Activity::find$this-activityId wit...
golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses
A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...
Important: Red Hat Security Advisory: container-tools:rhel8 security update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via a malformed SSH sub-verb in the authentication process. An attacker can gain unauthorized read access to private repositories by crafting specific SSH requests. Remediation Upgrade github.com/go-gitea/gitea/c...
CVE-2026-58423 LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories...
CVE-2026-58423
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories...
CVE-2026-58423
The CVE-2026-58423 entry concerns Gitea’s LFS authentication: a malformed SSH sub-verb allows unauthorized read access to private repositories. The issue is described as an authentication bypass that can enable read access without credentials, affecting LFS handling in affected Gitea deployments....
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the CURLOPTSSHKEYFUNCTION process. An attacker can intercept or manipulate data by presenting a server host key type that does not match the recorded key type in the knownhosts file, which is improperl...
CVE-2026-9547
The CVE-2026-9547 issue affects libcurl when performing SCP/SFTP transfers with CURLOT_SSH_KEYFUNCTION in the SSH key callback. A host-key type mismatch for a known_hosts entry may be silently accepted, bypassing the intended validation and allowing connections to succeed without warning, which e...
CVE-2026-9547 SSH improper host validation
When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...
CVE-2026-12064
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
EUVD-2026-41502
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
CVE-2026-12064 proto-default skips SSH verification
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
PT-2026-55656
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authentication bypass exists when using a malformed SSH sub-verb during LFS Large File Storage operations. This flaw allows unauthorized read access to privat...
CVE-2026-54886
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...
EEF-CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop
Summary Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh ssh\sftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle\data/4 function in ssh\sftpd contains a catch-all clause that accepts channel data of any...
CVE-2026-8482 Information leak in NSRPC client history
A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...
EUVD-2026-41271
A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...
foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass
A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...