
144 matches found

RedhatCVE
added 2026/05/26 8:14 p.m. | 10 views

CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00837
Exploits: 0 | References: 1

Snyk
added 2026/05/25 12:58 p.m. | 7 views

Key Exchange without Entity Authentication

Overview: apache-airflow-providers-google is a Provider for Apache Airflow. Implements apache-airflow-providers-google package. Affected versions of this package are vulnerable to Key Exchange without Entity Authentication due to SSH host key verification being disabled by default in the...

CVSS 9.1 | AI score 5.8 | EPSS 0.00837
Exploits: 0 | References: 2

PyPA
added 2026/05/25 10:16 a.m. | 11 views

PYSEC-0000-CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00837
Exploits: 0 | References: 3 | Affected Software: 1

PyPA
added 2026/05/25 10:16 a.m. | 10 views

PYSEC-2026-166

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00837
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/05/25 10:16 a.m. | 4 views

PYSEC-2026-166

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00837
Exploits: 0 | References: 3

NVD
added 2026/05/25 10:16 a.m. | 11 views

CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

CVSS 8.1 | EPSS 0.00837
Exploits: 0 | References: 3

EUVD
added 2026/05/25 9:34 a.m. | 10 views

EUVD-2026-31659

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

AI score 5.8 | EPSS 0.00837
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/25 9:34 a.m. | 8 views

CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

AI score 5.8 | EPSS 0.00837
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/25 9:34 a.m. | 12 views

CVE-2026-45361 Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default)

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

AI score 5.8 | EPSS 0.00837
Exploits: 0 | References: 2

OSV
added 2026/05/15 5:17 p.m. | 1 view

GHSA-MXG3-432P-MR72 goshs: SSH host key verification disabled, allowing transparent MITM of every tunnelled HTTP request

Summary: The --tunnel / -t flag opens an outbound SSH connection to localhost.run:22 with HostKeyCallback: ssh.InsecureIgnoreHostKey. The Go documentation for that function states verbatim: "It should not be used for production code." With the callback disabled the client accepts any host key the...

CVSS 7.4 | AI score 5.7
Exploits: 0 | References: 4

GitHub Security Blog
added 2026/05/15 5:17 p.m. | 25 views

goshs: SSH host key verification disabled, allowing transparent MITM of every tunnelled HTTP request

Summary: The --tunnel / -t flag opens an outbound SSH connection to localhost.run:22 with HostKeyCallback: ssh.InsecureIgnoreHostKey. The Go documentation for that function states verbatim: "It should not be used for production code." With the callback disabled the client accepts any host key the...

AI score 5.7
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2026/05/13 4:16 p.m. | 8 views

CVE-2026-44467

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without comparing the server's...

CVSS 7.4 | EPSS 0.00135
Exploits: 0 | References: 1

Cvelist
added 2026/05/13 3:40 p.m. | 26 views

CVE-2026-44467 Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without comparing the server's...

CVSS 7.4 | EPSS 0.00135
Exploits: 0 | References: 1

CVE
added 2026/05/13 3:40 p.m. | 7 views

CVE-2026-44467

The CVE describes a vulnerability in Claude Desktop (SSH remote development feature) where, from versions 1.2581.0 up to before 1.4304.0, host key verification was bypassed: the system only checked that a hostname existed in ~/.ssh/known_hosts, not that the presented host key matched the stored k...

CVSS 7.4 | AI score 6 | EPSS 0.00135
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/05/13 12:0 a.m. | 7 views

Claude Code security vulnerability

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code from 1.2581.0 to 1.4304.0 contained a security vulnerability. This vulnerability stemmed from the SSH remote development feature, which only verified whether the host name exists in t...

CVSS 7.4 | AI score 6 | EPSS 0.00135
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/07 12:0 a.m. | 8 views

PT-2026-38362

Name of the Vulnerable Software and Affected Versions: Claude Desktop versions 1.2581.0 through 1.4303.0. Description: The SSH remote development feature fails to compare the server's presented host key against the stored key, verifying only if the hostname exists in the ~/.ssh/known_hosts file. This...

CVSS 7.4 | AI score 6 | EPSS 0.00135
Exploits: 0 | References: 5

AstraLinux
added 2026/05/03 11:59 p.m. | 6 views

Astra Linux – Vulnerability in OpenSSH

A vulnerability was discovered in OpenSSH when the VerifyHostKeyDNS option is enabled. A man-in-the-middle attack can be carried out by a malicious machine pretending to be a legitimate server. This issue arises due to the way OpenSSH handles error codes under certain conditions during the...

CVSS 6.8 | AI score 6.7 | EPSS 0.06997
Exploits: 4 | References: 2

OSV
added 2026/04/09 9:32 p.m. | 3 views

JLSEC-2026-72

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

CVSS 6.8 | AI score 6.7 | EPSS 0.38474
Exploits: 5 | References: 26

RedhatCVE
added 2026/03/26 11:3 p.m. | 4 views

CVE-2026-33724

n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...

CVSS 6.3 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | References: 1

EUVD
added 2026/03/25 10:6 p.m. | 5 views

EUVD-2026-15954

n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no...

CVSS 6.3 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | References: 2