5 matches found
CVE-2026-12064
A flaw was found in curl. When a user invokes curl with a schemeless URL and specifies SFTP SSH File Transfer Protocol or SCP Secure Copy Protocol as the default protocol, the tool layer fails to initialize critical SSH security options. This bypasses host verification, allowing curl to connect t...
EUVD-2026-27655
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting .example.com, any XYZ.example.com where xyz is a valid name can be used...
CVE-2025-11625 Host verification bypass and credential leak
Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials...
CVE-2025-11625
The CVE-2025-11625 entry concerns wolfSSH (client) versions 1.4.20 and earlier with an improper host authentication flaw that can permit authentication bypass and leakage of client credentials. Multiple sources (NVD, Red Hat, EUVD, OSV, CVE list, CNVD, CIRCL, etc.) describe the issue across wolfS...
openssh: failure to check DNS SSHFP records in certain scenarios
It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record...