Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

EUVD
EUVDadded 4 hours ago3 views

EUVD-2026-39490

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...

6.4CVSS5.9AI score0.00037EPSS
Exploits0References1
NVD
NVDadded yesterday4 views

CVE-2026-54686

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...

4.3CVSS
Exploits1References3
Snyk
Snykadded 2026/05/19 3:21 p.m.5 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to improper escaping of single quotes in the SSH transport command construction process. An attacker can inject arbitrary shell tokens by including single quotes in the repository path,...

9.6CVSS6AI score0.00365EPSS
Exploits0References2
OSV
OSVadded 2026/03/13 7:54 p.m.3 views

DEBIAN-CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

5.3CVSS7.3AI score0.00644EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/13 9:11 a.m.2 views

CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9CVSS5.8AI score0.00644EPSS
Exploits0References6Affected Software1
OSV
OSVadded 2026/03/13 9:11 a.m.4 views

EEF-CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate

Summary Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh ssh\transport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads...

6.9CVSS7.2AI score0.00644EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/03/13 12:0 a.m.3 views

PT-2026-25165

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 through 27.3.4.9 Description An issue exists in Erlang OTP ssh ssh transport modules that allows for Denial of Service via Resource Depletion. The SSH transport layer, by...

9.4CVSS7.3AI score0.00644EPSS
Exploits0References56
OSV
OSVadded 2024/01/12 11:6 a.m.3 views

OESA-2024-1048 proftpd security update

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

5.9CVSS6.6AI score0.93305EPSS
Exploits4References2
Rows per page
Query Builder