266 matches found

NVD
added last week, 9 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

CVSS 8.3, EPSS 0.00157
Exploits: 0, References: 2
EUVD
added last week, 8 views

EUVD-2026-38234

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

CVSS 8.3, AI score 5.9, EPSS 0.00157
Exploits: 0, References: 2
Cvelist
added last week, 32 views

CVE-2026-54100 Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

CVSS 8.3, EPSS 0.00157
Exploits: 0, References: 2
CVE
added last week, 12 views

CVE-2026-54100

CVE-2026-54100 affects the Windows Machine Config Operator (WMCO) used with Red Hat OpenShift Container Platform. The flaw is that WMCO establishes SSH connections to Windows worker nodes without verifying the remote host key, enabling an adjacent-network attacker who can intercept or redirect WM...

CVSS 8.3, AI score 5.9, EPSS 0.00157
Exploits: 0, References: 2
RedhatCVE
added last week, 7 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

CVSS 8.3, AI score 5.9, EPSS 0.00157
Exploits: 0, References: 3
CVE
added 2026/06/22 2:33 a.m., 10 views

CVE-2026-11745

The CVE-2026-11745 vulnerability affects centraldogma-server-mirror-git versions prior to 0.84.0. The Git mirror SSH client does not verify remote host keys for git+ssh:// connections, enabling an on-path attacker to perform man-in-the-middle attacks and potentially compromise mirrored repositori...

CVSS 8.8, AI score 5.8, EPSS 0.00139
Exploits: 0, References: 1
AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in OpenSSH

A vulnerability was discovered in OpenSSH when the VerifyHostKeyDNS option is enabled. A man-in-the-middle attack can be carried out by a malicious machine pretending to be a legitimate server. This issue arises due to the way OpenSSH handles error codes under certain conditions during the...

CVSS 6.8, AI score 6.7, EPSS 0.06997
Exploits: 4, References: 2
Positive Technologies
added 2026/06/18 12:0 a.m., 16 views

PT-2026-50796

Name of the Vulnerable Software and Affected Versions: Relyra versions 1.0.0 through 1.1.0. Description: Relyra is a SAML 2.0 Service Provider library for Elixir and Phoenix that accepts forged SAML signatures. This occurs because the SignatureValue is not cryptographically verified before the libra...

CVSS 9.1, AI score 5.8, EPSS 0.00135
Exploits: 0, References: 9
Tenable Nessus
added 2026/06/08 12:0 a.m., 15 views

Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3334 (ALAS-2026-3334)

The version of nerdctl installed on the remote host is prior to 2.2.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3334 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing...

CVSS 10, AI score 6.1, EPSS 0.00466
Exploits: 0, References: 40
Tenable Nessus
added 2026/06/08 12:0 a.m., 13 views

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-109 (ALASNITRO-ENCLAVES-2026-109)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-109 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused...

CVSS 10, AI score 7, EPSS 0.00466
Exploits: 0, References: 28
RedhatCVE
added 2026/06/05 7:11 p.m., 9 views

CVE-2026-44714

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

CVSS 7.5, AI score 5.5, EPSS 0.0027
Exploits: 0, References: 1
Vulnrichment
added 2026/05/28 3:10 p.m., 10 views

CVE-2026-48523 PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decode_complete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

CVSS 5.4, AI score 5.8, EPSS 0.00127
Exploits: 1, References: 1
Positive Technologies
added 2026/05/27 12:0 a.m., 11 views

PT-2026-43713

Name of the Vulnerable Software and Affected Versions: Erlang OTP versions 27.0 through 27.3.4.11; Erlang OTP versions prior to 28.5.0.1; Erlang OTP versions prior to 29.0.1; public key versions 1.16 through 1.17.1.2; public key versions prior to 1.20.3.1; public key versions prior to 1.21.1. Descriptio...

CVSS 6.3, AI score 5.8, EPSS 0.00316
Exploits: 0, References: 33
RedhatCVE
added 2026/05/26 8:14 p.m., 12 views

CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

CVSS 8.1, AI score 5.8, EPSS 0.00598
Exploits: 0, References: 1
Snyk
added 2026/05/25 12:58 p.m., 8 views

Key Exchange without Entity Authentication

Overview: apache-airflow-providers-google is a Provider for Apache Airflow. Implements apache-airflow-providers-google package. Affected versions of this package are vulnerable to Key Exchange without Entity Authentication due to SSH host key verification being disabled by default in the...

CVSS 9.1, AI score 5.8, EPSS 0.00598
Exploits: 0, References: 2
PyPA
added 2026/05/25 10:16 a.m., 14 views

PYSEC-0000-CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

CVSS 8.1, AI score 5.8, EPSS 0.00598
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/05/25 10:16 a.m., 7 views

PYSEC-2026-166

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

CVSS 8.1, AI score 5.8, EPSS 0.00598
Exploits: 0, References: 3
NVD
added 2026/05/25 10:16 a.m., 22 views

CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

CVSS 8.1, EPSS 0.00598
Exploits: 0, References: 3
PyPA
added 2026/05/25 10:16 a.m., 11 views

PYSEC-2026-166

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

CVSS 8.1, AI score 5.8, EPSS 0.00598
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/05/25 9:34 a.m., 14 views

CVE-2026-45361 Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default)

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

AI score 5.8, EPSS 0.00598
Exploits: 0, References: 2