53 matches found

EUVD
added 2026/05/22 2:31 a.m. | 4 views

EUVD-2026-31398

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

10 CVSS | 5.8 AI score | 0.32338 EPSS
Exploits: 2 | References: 4

Cvelist
added 2026/05/22 2:31 a.m. | 31 views

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

0.00029 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2026/05/11 12:0 a.m. | 7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-paramiko (UTSA-2026-017484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017484 advisory. Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attac...

8.8 CVSS | 5.8 AI score | 0.00905 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/05/08 12:0 a.m. | 4 views

Electerm Parameter Injection Vulnerability

Electerm is an SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm 3.8.15 and earlier have a parameter injection vulnerability. This vulnerability arises from the fact that the terminal hyperlink processor does not validate URLs with respect to protocols. Thi...

9.6 CVSS | 6.4 AI score | 0.00021 EPSS
Exploits: 0 | References: 1

Snyk
added 2026/04/22 8:37 p.m. | 1 view

Insecure Default Initialization of Resource

Overview: Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to insecure default SSH server configuration, which advertises weak or deprecated key exchange, MAC, and host key algorithms. An attacker can compromise the confidentiality and integrity o...

6.3 CVSS | 5.6 AI score
Exploits: 0 | References: 3

Fedora
added 2026/04/16 12:55 a.m. | 2 views

[SECURITY] Fedora 43 Update: NetworkManager-ssh-1.4.4-1.fc43

This package contains software for integrating VPN capabilities with the OpenSSH server with NetworkManager...

3.3 CVSS | 5.7 AI score | 0.00004 EPSS
Exploits: 0

CNNVD
added 2026/03/11 12:0 a.m. | 5 views

Lantronix EDS5000 Security Vulnerability

The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 version 2.1.0.0R3 contains a security vulnerability. This vulnerability stems from insufficient cleaning of input parameters on the SSH Client and SSH Server pages, which may...

9.8 CVSS | 6.8 AI score | 0.00043 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/02/15 10:48 a.m. | 2 views

EUVD-2025-206902

There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server...

6.8 CVSS | 5.5 AI score | 0.00101 EPSS
Exploits: 0 | References: 3

CVE
added 2026/02/15 10:48 a.m. | 15 views

CVE-2025-32063

Summary: PT Security reports tied to CVE-2025-32063 describe the Nissan Leaf ZE1 (2020) Infotainment ECU with Red Bend OTA over HTTPS. The documented issue is persistence through Wi‑Fi, enabled by the device’s default SSL configuration. Related entries note insecure OTA/update behavior and MiTM r...

6.8 CVSS | 5.5 AI score | 0.00101 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/11/19 11:1 p.m. | 1 view

EUVD-2025-198228

golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption...

5.3 CVSS | 6.3 AI score | 0.00046 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/16 6:4 a.m. | 2 views

EUVD-2025-34713

Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure,...

8.6 CVSS | 6.1 AI score | 0.00078 EPSS
Exploits: 0 | References: 6

CNNVD
added 2025/09/11 12:0 a.m. | 2 views

Erlang/OTP Security Vulnerability

Erlang/OTP is an Erlang/OTP open source library written in JavaScript that handles handling exceptions. The library catches exceptions raised by the node.js built-in API. A security vulnerability exists in Erlang/OTP versions 17.0 through 28.0.3, 27.3.4.3, and 26.2.5.15, which stems from...

6.9 CVSS | 6.3 AI score | 0.00214 EPSS
Exploits: 0 | References: 5

GithubExploit
added 2025/09/07 4:11 p.m. | 200 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp

CVE-2025-32433 - Erlang/OTP SSH RCE PoC...

10 CVSS | 9 AI score | 0.62846 EPSS
Exploits: 34

The Hacker News
added 2025/08/12 6:17 p.m. | 4 views

Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks

New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the infection furthe...

10 CVSS | 8.1 AI score | 0.85058 EPSS
Exploits: 38

GithubExploit
added 2025/05/03 1:32 p.m. | 81 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp

CVE-2025-32433: Erlang/OTP's SSH Server Exploit...

10 CVSS | 8.5 AI score | 0.62846 EPSS
Exploits: 34

OSV
added 2025/04/16 10:15 p.m. | 1 view

DEBIAN-CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

10 CVSS | 9.2 AI score | 0.62846 EPSS
Exploits: 34 | References: 1

Packet Storm News
added 2025/03/13 12:0 a.m. | 3 views

Creating Scripts to Identify Vulnerable SSH Servers

This whitepaper covers how to create Nmap scripts to identify banners and versions of SSH servers. It also covers methods to mitigate the public visibility of banners and version information on SSH servers. Written in Portuguese...

6.7 AI score
Exploits: 0

OSV
added 2024/02/22 9:49 p.m. | 5 views

CLSA-2024-1708638566 openssh: Fix of CVE-2023-48795

CVE-2023-48795: implement "strict key exchange" in ssh and sshd...

5.9 CVSS | 7 AI score | 0.54214 EPSS
Exploits: 3 | References: 1

ATTACKERKB
added 2023/06/29 8:15 p.m. | 2 views

CVE-2022-44719

An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions...

7.5 CVSS | 7.2 AI score | 0.00073 EPSS
Exploits: 1 | References: 3

CNNVD
added 2023/06/15 12:0 a.m. | 2 views

Bosch Video Management System Security Vulnerability

Bosch Video Management System is a video management system from Bosch, Germany. A security vulnerability exists in Bosch Video Management System, which stems from improper authorization of the SSH server, allowing an authenticated attacker to access resources on the internal network via port...

7.7 CVSS | 7.4 AI score | 0.00192 EPSS
Exploits: 0 | References: 2