PT-2026-25164

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 through 27.3.4.9 Description An improper limitation of a pathname to a restricted directory, specifically a 'Path Traversal' issue, exists in the Erlang OTP ssh sftpd module...

PT-2026-25165

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 through 27.3.4.9 Description An issue exists in Erlang OTP ssh ssh transport modules that allows for Denial of Service via Resource Depletion. The SSH transport layer, by...

📄 FreePBX Filestore Authenticated Command Injection

This Metasploit module exploits an authenticated command injection vulnerability in the FreePBX filestore module. The filestore module allows administrators to configure remote file storage backends SSH, FTP, etc. for backup and file management purposes. The vulnerability exists in the SSH driver...

CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not terminate the...

EUVD-2026-11581

A vulnerability allowing a low-privileged user to extract saved SSH credentials...

CVE-2026-21670

A vulnerability allowing a low-privileged user to extract saved SSH credentials...

CVE-2026-21670

A vulnerability allowing a low-privileged user to extract saved SSH credentials...

PT-2026-24956

Name of the Vulnerable Software and Affected Versions Veeam Backup and Replication affected versions not specified Description A flaw exists that could allow a low-privileged user to obtain saved SSH credentials. The issue involves the potential extraction of these credentials. Recommendations At...

CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...

CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...

Lantronix EDS5000 安全漏洞

The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 version 2.1.0.0R3 contains a security vulnerability. This vulnerability stems from insufficient cleaning of input parameters on the SSH Client and SSH Server pages, which may...

EUVD-2026-10516

An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file...

CVE-2026-22628

An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file...

CVE-2026-26148 Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability

...

CVE-2026-22628

CVE-2026-22628 describes an improper access control flaw in Fortinet FortiSwitch AXFixed, affecting versions 1.0.0 through 1.0.1. An authenticated admin can execute system commands by supplying a specially crafted SSH config file, enabling local command execution with low impact vector (local, lo...

CVE-2026-22628

An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file...

Fortinet FortiSwitchAXFixed 访问控制错误漏洞

The Fortinet FortiSwitchAXFixed is a network switch device developed by the American company Fortinet. There was an access control vulnerability in the Fortinet FortiSwitchAXFixed version 1.0.0 to 1.0.1. This vulnerability stemmed from improper access control, allowing authenticated administrator...

MAL-2026-1290 Malicious code in remjsonparse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f During import, package starts advanced compromise actions: exfiltrates AWS and git credentials, commands history, security tools in use. After that, the code...

EUVD-2025-208368

A low‑privileged local attacker who gains access to the UBR service account e.g., via SSH can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries e.g., tcpdump and ip with sudo...

SSH2 安全漏洞

SSH2 is an SSH client and server module developed by mscdex’s individual developers. Version 1.17.0 of SSH2 contains a security vulnerability, which stems from the inefficiency of regular expressions...