110 matches found
CVE-2026-28417 Vim has OS Command Injection in netrw
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...
CVE-2026-28417 Vim has OS Command Injection in netrw
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...
CVE-2026-28417 Vim has OS Command Injection in netrw
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...
USN-8051-2 libssh vulnerabilities
USN-8051-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that libssh clients incorrectly handled the key exchange process. A remote attacker could possibly...
CVE-2026-0964
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...
CVE-2026-0964
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper sanitation of paths received from SCP servers. An attacker can access or modify files outside the intended directory by sending specially crafted file paths. Note: Libssh maintainers strongly discourage...
libssh 安全漏洞
libssh is a C-language development package from the libssh organization, designed for accessing SSH services. It can execute remote commands, perform file transfers, and provide a secure transmission channel for remote programs. libssh has a security vulnerability, which stems from improper path...
CVE-2025-15224
CVE-2025-15224 : The curl/libcurl implementation used for SSH-based transfers (SCP/SFTP) can incorrectly authenticate via a locally running SSH agent when public-key authentication is requested. This (libssh backend) behavior allows bypassing intended agent prompts and may enable unintended authe...
CVE-2025-15079
When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...
CVE-2025-53868
When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
K000151902: BIG-IP SCP and SFTP vulnerability CVE-2025-53868
Security Advisory Description When running in Appliance mode, a highly privileged authenticated attacker with access to Secure Copy SCP protocol and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. CVE-2025-53868 Impact In Appliance mode, an authenticated attacke...
PT-2025-42327
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions affected versions not specified Description A privileged, authenticated attacker with access to SCP and SFTP may bypass Appliance mode restrictions using undisclosed commands when the software is running in Appliance mode...
EUVD-2021-21368
Malware in sbrugna...
EUVD-2024-18164
Malicious code in bioql PyPI...
EUVD-2025-26506
Malicious code in bioql PyPI...
EUVD-2024-17977
Malicious code in bioql PyPI...
EUVD-2023-24365
Malicious code in bioql PyPI...
EUVD-2022-30899
Malicious code in bioql PyPI...
CVE-2025-47421 Privilege escalation via SCP login
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead...