27013 matches found

Hacker One
added 2026/04/02 6:13 p.m., 15 views

curl: CURLOPT_SSH_KNOWNHOSTS and host fingerprint pins are silently bypassed when an SSH connection is reused from the connection pool

Product: libcurl (all versions, all platforms, compiled with USE_SSH). Protocols affected: sftp://, scp://. Summary: libcurl's connection pool reuse logic for SSH-based protocols (SFTP, SCP) contains a security gap that allows a transfer's server-verification policy to be completely ignored. When an...

AI score: 6
Exploits: 0
OSV
added 2026/04/02 5:16 p.m., 10 views

DEBIAN-CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode)...

CVSS: 8.1, AI score: 5.2, EPSS: 0.00419
Exploits: 0, References: 1
UbuntuCve
added 2026/04/02 5:16 p.m., 7 views

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode)...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00419
Exploits: 0, References: 2
Cvelist
added 2026/04/02 4:44 p.m., 131 views

CVE-2026-35386

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configuration of % in ssh_config...

CVSS: 3.6, EPSS: 0.00247
Exploits: 0, References: 3
ATTACKERKB
added 2026/04/02 4:30 p.m., 12 views

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode)...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00419
Exploits: 0, References: 4
Snyk
added 2026/04/02 4:30 p.m., 3 views

Improper Preservation of Permissions

Overview Affected versions of this package are vulnerable to Improper Preservation of Permissions in the scp when the legacy protocol option -O is used by a root user without preserving original file permissions -p. An attacker can gain elevated privileges by supplying a malicious file that, when...

CVSS: 8.1, AI score: 6, EPSS: 0.00419
Exploits: 0, References: 2
Vulnrichment
added 2026/04/02 4:30 p.m., 3 views

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode)...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00419
Exploits: 0, References: 3
Cvelist
added 2026/04/02 4:30 p.m., 123 views

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode)...

CVSS: 7.5, EPSS: 0.00419
Exploits: 0, References: 3
EUVD
added 2026/04/02 9:30 a.m., 5 views

EUVD-2026-18152

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates...

CVSS: 5.3, AI score: 5.9, EPSS: 0.001
Exploits: 0, References: 2
EUVD
added 2026/04/02 9:30 a.m., 3 views

EUVD-2026-18166

SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...

CVSS: 7.8, AI score: 5.9, EPSS: 0.0025
Exploits: 0, References: 2
EUVD
added 2026/04/02 9:30 a.m., 4 views

EUVD-2026-18142

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...

CVSS: 4.9, AI score: 5.9, EPSS: 0.00226
Exploits: 0, References: 2
EUVD
added 2026/04/02 9:30 a.m., 3 views

EUVD-2026-18154

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00189
Exploits: 0, References: 2
EUVD
added 2026/04/02 9:30 a.m., 3 views

EUVD-2026-18146

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00232
Exploits: 0, References: 2
NVD
added 2026/04/02 9:16 a.m., 2 views

CVE-2026-29134

SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions...

CVSS: 7.5, EPSS: 0.00225
Exploits: 0, References: 1
CVE
added 2026/04/02 8:52 a.m., 9 views

CVE-2026-29139

CVE-2026-29139 affects SEPPmail Secure Email Gateway prior to version 15.0.3. The root cause is misuse of GINA account initialization, which can be leveraged to reset a victim’s password and lead to account takeover. Documents indicate a network-exposed vulnerability with high/severe impact (an a...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00274
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/04/02 8:50 a.m., 3 views

CVE-2026-29144

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters...

CVSS: 7.8, AI score: 5.9, EPSS: 0.00212
Exploits: 0, References: 2
ATTACKERKB
added 2026/04/02 8:49 a.m., 1 view

CVE-2026-29143

SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...

CVSS: 7.8, AI score: 5.9, EPSS: 0.0025
Exploits: 0, References: 2
CVE
added 2026/04/02 8:49 a.m., 7 views

CVE-2026-29143

CVE-2026-29143 affects SEPPmail Secure Email Gateway prior to version 15.0.3. The issue is that the inner S/MIME-encrypted MIME entity is not properly authenticated, enabling an attacker to manipulate trusted headers. The root cause is insufficient verification of the inner message, with potentia...

CVSS: 9.1, AI score: 5.9, EPSS: 0.0025
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/04/02 8:47 a.m., 2 views

CVE-2026-29138

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own...

CVSS: 6.3, AI score: 5.9, EPSS: 0.00217
Exploits: 0, References: 2
Vulnrichment
added 2026/04/02 8:47 a.m., 2 views

CVE-2026-29138 PGP Decryption Sender LDAP Injection

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own...

CVSS: 6.3, AI score: 5.9, EPSS: 0.00217
Exploits: 0, References: 1