Lucene search
K

192 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 12:21 p.m.10 views

Malicious code in date-fns-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4694a079d83e33dcee7f87140c41737009d9f0b19f351c23f2ae3dbce9a47a51 [email protected] presents as a lightweight date-formatting utility but ships a malicious postinstall.js that runs automatically on npm install. T...

5.9AI score
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:23 p.m.8 views

CVE-2026-45405

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...

9CVSS5.9AI score0.00289EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/23 6:0 a.m.3 views

SUSE-SU-2026:2515-1 Security update for openssh, openssh-askpass-gnome

This update for openssh, openssh-askpass-gnome fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430...

8.1CVSS6AI score0.00419EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 3:28 p.m.12 views

Malicious code in internallib_v984 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c46879ad94169111411f91b210779628bb14a5d16843ec2bec42bf418affdf8 Package exports a single command function that, when invoked, performs three coordinated attacks against the host: 1 appends a hardcoded...

5.5AI score
Exploits0References7
OSV
OSV
added 2026/06/11 12:42 p.m.8 views

MAL-2026-5643 Malicious code in parket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dc700128da5b494d5325086ec183ce7c746d44d88dc7f609bfb9f2eab9fa072 On npm install, the package's postinstall script node test.js auto-executes a multi-stage attack against the installer's machine. It recursively scan...

5.6AI score
Exploits0References2
NVD
NVD
added 2026/06/04 7:16 p.m.13 views

CVE-2026-41236

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...

8.8CVSS0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 5:52 p.m.8 views

CVE-2026-41236 Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...

8.8CVSS5.6AI score0.00366EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/02 10:15 p.m.9 views

OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorizedkeys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This coul...

8.1CVSS5.9AI score0.00176EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/01 6:51 p.m.27 views

OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorizedkeys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This coul...

8.1CVSS5.9AI score0.00176EPSS
Exploits0References7
OSV
OSV
added 2026/05/29 4:3 p.m.11 views

RLSA-2026:19069 Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode...

7.5CVSS6.2AI score0.00419EPSS
Exploits0References6
OSV
OSV
added 2026/05/28 3:2 p.m.7 views

SUSE-SU-2026:21875-1 Security update for openssh

This update for openssh fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430. Changes for openssh: - Fix a potential issue when validating mac bsc1264568:...

8.1CVSS6AI score0.00419EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.24 views

Amazon Linux 2 : openssh, --advisory ALAS2-2026-3320 (ALAS-2026-3320)

The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3320 advisory. OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. CVE-2026-35388 OpenS...

8.1CVSS5.9AI score0.00176EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in python-pip

The pip package before version 19.2 for Python allows Directory Traversal when a URL is provided in an install command. This is possible because the Content-Disposition header can contain "../ in the filename, as demonstrated by overwriting the /root/.ssh/authorizedkeys file. This behavior occurs...

7.5CVSS7.3AI score0.03028EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in rsync

A vulnerability was discovered in rsync prior to version 3.2.5. This vulnerability allows malicious remote servers to write arbitrary files into the directories of connecting peers. The server determines which files/directories are sent to the client. However, the rsync client lacks sufficient...

7.4CVSS7.7AI score0.01659EPSS
Exploits1References2
OSV
OSV
added 2026/05/19 12:0 a.m.16 views

ALSA-2026:19069 Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode...

8.1CVSS6.2AI score0.00419EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.13 views

SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2026:1876-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1876-1 advisory. This update for openssh fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed...

8.1CVSS6.1AI score0.00419EPSS
Exploits0References7
OSV
OSV
added 2026/05/15 10:6 p.m.8 views

SUSE-SU-2026:1876-1 Security update for openssh

This update for openssh fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430...

8.1CVSS6AI score0.00419EPSS
Exploits0References5
OSV
OSV
added 2026/05/15 11:23 a.m.5 views

OPENSUSE-SU-2026:20757-1 Security update for openssh

This update for openssh fixes the following issues Security issues fixed: - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430. Other issues fixed: - SSH port not reachable on...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References6
OSV
OSV
added 2026/05/12 10:11 a.m.12 views

SUSE-SU-2026:21634-1 Security update for openssh

This update for openssh fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430...

8.1CVSS6AI score0.00419EPSS
Exploits0References5
CVE
CVE
added 2026/05/11 8:21 p.m.14 views

CVE-2026-41489

Pi-hole (6.0 through before Core 6.4.2 and FTL 6.6.1) is vulnerable because two systemd-executed root scripts (pihole-FTL-prestart.sh and pihole-FTL-poststop.sh) read the files.pid path from a config without validation and perform privileged file operations using that path. An attacker with pihol...

8.8CVSS5.9AI score0.00132EPSS
Exploits0References1
Rows per page
Query Builder