Electerm 参数注入漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm 3.8.15 and earlier have a parameter injection vulnerability. This vulnerability arises from the fact that the terminal hyperlink processor does not validate URLs with respect to protocols. Thi...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016495)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016495 advisory. In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the...

Endian Firewall Detection Consolidation

Consolidation of Endian Firewall detections. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; if description...

GHSA-9W9C-9W8M-W89Q ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data

Summary GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated flag, timestamps belonging to any other namespace...

CVE-2026-7865

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH conso...

Security update for erlang

This update for erlang fixes the following issues: CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal bsc1258663. CVE-2026-23941: HTTP Request Smuggling in Erlang OTP bsc1259687. CVE-2026-23942: path traversal vulnerability in Erlang OTP bsc1259681. CVE-2026-23943: denia...

EUVD-2026-27394

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH...

CVE-2026-7865

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH...

Crestron Touchpanels 参数注入漏洞

Crestron Touchpanels are a series of intelligent network touchscreen devices developed by Crestron Corporation in the United States. These devices are used for scheduling in enterprise meeting rooms, controlling audio-visual systems, and automating smart buildings. Crestron Touchpanels have a...

Cisco Prime Infrastructure Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Prime Infrastructure is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Prime Infrastructure due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime seconds,...

Cisco Secure Email Gateway Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Secure Email Gateway is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Secure Email Gateway due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime seconds,...

JLSEC-2026-391

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH...

JLSEC-2026-424 curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was...

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

JLSEC-2026-430 When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file,...

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

Astra Linux – Vulnerability in libnbd

A flaw was discovered in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with ‘-o’ are incorrectly interpreted as arguments for the Secure Shell SSH...

Astra Linux – Vulnerability in Twisted

Twisted is an event-based framework for internet applications, compatible with Python 3.6+. Before version 22.2.0, Twisted’s SSH client and server implementations allowed accepting an infinite amount of data for the peer’s SSH version identifier. This resulted in a buffer that consumed all...

Astra Linux – Vulnerability in xorg-server

A vulnerability was discovered in X.Org. This security flaw arises because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges escalation on systems where the X server is running with privileged access, and may...

Astra Linux – Vulnerability in OpenSSH

In SSH in OpenSSH before version 9.6, OS command injection could occur if a user name or host name contained shell metacharacters, and this name was referenced by an expansion token in certain situations. For example, a untrusted Git repository might contain a submodule with shell metacharacters ...

Astra Linux – Vulnerability in curl

libcurl will reuse a previously established connection even when options related to TLS or SSH have been changed, which should prevent such reuses. libcurl stores previously used connections in a connection pool, allowing for reuse if one of them matches the current setup. However, several TLS an...

Astra Linux – Vulnerability in Erlang

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server might allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in the SSH protocol’s message handling, a malicious...