CVE-2010-10013

An unauthenticated remote command execution vulnerability exists in AjaXplorer now known as Pydio Cells versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By...

CVE-2025-8731

A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

Linux Distros Unpatched Vulnerability : CVE-2018-16837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ansible User module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials...

CVE-2010-10013

CVE-2010-10013 describes an unauthenticated remote command execution in AjaXplorer (now Pydio Cells) versions before 2.6. The vulnerability resides in the checkInstall.php script of the access.ssh plugin, which fails to sanitize input passed to the destServer GET parameter. By injecting shell met...

CVE-2025-8731

TRENDnet CVE-2025-8731 affects TI-G160i, TI-PG102i and TPL-430AP (up to 20250724) with the SSH Service using default credentials. Several sources confirm remote exploitation is possible and that the exploit has been publicly disclosed. Mitigation in publicly released documents centers on credenti...

PT-2025-32366 · Trendnet · Tpl-430Ap +2

Name of the Vulnerable Software and Affected Versions: TRENDnet TI-G160i versions up to 20250724 TRENDnet TI-PG102i versions up to 20250724 TRENDnet TPL-430AP versions up to 20250724 Description: A critical vulnerability exists in the SSH Service component of TRENDnet devices. The issue involves...

FIRSTNUM JC21A-04 安全漏洞

The FIRSTNUM JC21A-04 is a router from the Chinese company FIRSTNUM. A security vulnerability exists in the FIRSTNUM JC21A-04 version 2.01ME/FN and prior versions, which stems from the SSH service being enabled by default and using root/admin credentials...

SUSE CVE-2025-5689

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

CVE-2025-38741

Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication...

xorg-x11-server: XvdiSelectVideoNotify use-after-free

A vulnerability was found in X.Org. This flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding...

xorg-x11-server: XIPassiveUngrab out-of-bounds access

A vulnerability was found in X.Org. This issue occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code...

xorg-x11-server: heap buffer overflow in DisableDevice

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments...

xorg-x11-server: XTestSwapFakeInput stack overflow

A vulnerability was found in X.Org. The issue occurs due to the swap handler for the XTestFakeInput request of the XTest extension, possibly corrupting the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This flaw can lead to local privilege...

RUCKUS SmartZone 安全漏洞

RUCKUS SmartZone is a network controller from RUCKUS. A security vulnerability exists in versions prior to the RUCKUS SmartZone 6.1.2p3 Refresh Build, which stems from hard-coded SSH private keys and could lead to a security risk...

Dell Enterprise SONiC OS 安全漏洞

DELL Enterprise SONiC OS is an open source network operating system developed by Dell and designed for data center and cloud computing scenarios. DELL Enterprise SONiC OS suffers from a cryptographic key vulnerability that stems from a cryptographic key vulnerability in SSH, which can be exploite...

konsole: Konsole Remote Code Execution Vulnerability

A flaw was found in Konsole. The application's handling of URLs using scheme handlers like ssh://, telnet://, or rlogin:// allows a remote attacker to trigger arbitrary code execution. This issue occurs when a user opens a specially crafted URL, bypassing authentication checks. Consequently, a...

[SECURITY] Fedora 41 Update: cloud-init-24.2-4.fc41

Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts...

[SECURITY] Fedora 42 Update: cloud-init-24.2-5.fc42

Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts...

CVE-2025-29629

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 uses weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits...

USN-7443-3 erlang vulnerability

USN-7443-1 fixed a vulnerability in Erlang. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk discovered that Erlang OTP’s SSH module incorrect handled authenticatio...