Lucene search
K

110 matches found

OSV
OSV
added 2026/02/27 9:54 p.m.5 views

CVE-2026-28417 Vim has OS Command Injection in netrw

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...

4.4CVSS6.1AI score0.01162EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/27 9:54 p.m.28 views

CVE-2026-28417 Vim has OS Command Injection in netrw

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...

4.4CVSS0.01162EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/27 9:54 p.m.2 views

CVE-2026-28417 Vim has OS Command Injection in netrw

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...

4.4CVSS6.1AI score0.01162EPSS
Exploits0References3
OSV
OSV
added 2026/02/23 7:56 p.m.4 views

USN-8051-2 libssh vulnerabilities

USN-8051-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that libssh clients incorrectly handled the key exchange process. A remote attacker could possibly...

8.2CVSS6AI score0.00582EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/02/13 12:0 a.m.4 views

CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

6.3CVSS6.7AI score0.00408EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/10 7:5 p.m.6 views

CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

5.9CVSS7AI score0.58204EPSS
Exploits9References4
Snyk
Snyk
added 2026/02/10 6:44 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper sanitation of paths received from SCP servers. An attacker can access or modify files outside the intended directory by sending specially crafted file paths. Note: Libssh maintainers strongly discourage...

6.3CVSS6.9AI score0.00408EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.5 views

libssh 安全漏洞

libssh is a C-language development package from the libssh organization, designed for accessing SSH services. It can execute remote commands, perform file transfers, and provide a secure transmission channel for remote programs. libssh has a security vulnerability, which stems from improper path...

6.3CVSS6.5AI score0.00408EPSS
Exploits0References5
CVE
CVE
added 2026/01/08 10:8 a.m.31 views

CVE-2025-15224

CVE-2025-15224 : The curl/libcurl implementation used for SSH-based transfers (SCP/SFTP) can incorrectly authenticate via a locally running SSH agent when public-key authentication is requested. This (libssh backend) behavior allows bypassing intended agent prompts and may enable unintended authe...

3.1CVSS6.3AI score0.00413EPSS
Exploits1References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/01/08 10:8 a.m.5 views

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

5.3CVSS6.5AI score0.00457EPSS
Exploits1References4
NVD
NVD
added 2025/10/15 2:15 p.m.28 views

CVE-2025-53868

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00408EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2025/10/15 11:1 a.m.12 views

K000151902: BIG-IP SCP and SFTP vulnerability CVE-2025-53868

Security Advisory Description When running in Appliance mode, a highly privileged authenticated attacker with access to Secure Copy SCP protocol and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. CVE-2025-53868 Impact In Appliance mode, an authenticated attacke...

8.7CVSS5.9AI score0.00408EPSS
Exploits0Affected Software12
Positive Technologies
Positive Technologies
added 2025/10/15 12:0 a.m.7 views

PT-2025-42327

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions affected versions not specified Description A privileged, authenticated attacker with access to SCP and SFTP may bypass Appliance mode restrictions using undisclosed commands when the software is running in Appliance mode...

9.1CVSS5.5AI score0.00408EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-21368

Malware in sbrugna...

8.5CVSS7.9AI score0.01581EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-18164

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00938EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-26506

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.00342EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-17977

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-24365

Malicious code in bioql PyPI...

9.1CVSS8.8AI score0.00586EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-30899

Malicious code in bioql PyPI...

4.9CVSS5.1AI score0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/03 1:49 p.m.9 views

CVE-2025-47421 Privilege escalation via SCP login

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead...

8.6CVSS0.00342EPSS
Exploits0References3
Rows per page
Query Builder