Lucene search
+L

114 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-58065

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS0.00461EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-43499

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS6.1AI score0.00461EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

0.00461EPSS
Exploits0References2
OSV
OSV
added 6 days ago8 views

CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS6.1AI score0.00461EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/07/10 3:20 a.m.5 views

SUSE CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.4CVSS6.2AI score0.00574EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/07/06 7:19 p.m.7 views

CVE-2026-9547

A flaw was found in curl. When a libcurl-based application uses SCP:// or SFTP:// for transfers and employs the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This occurs if the server's host key type differs from the one stored in the knownhosts file. The callback...

7.4CVSS5.8AI score0.00508EPSS
Exploits1References6
OSV
OSV
added 2026/07/06 6:1 p.m.9 views

RLSA-2026:35833 Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986...

8.7CVSS6.8AI score0.00651EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/03 8:18 a.m.9 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the CURLOPTSSHKEYFUNCTION process. An attacker can intercept or manipulate data by presenting a server host key type that does not match the recorded key type in the knownhosts file, which is improperl...

8.3CVSS6AI score0.00508EPSS
Exploits1References2
NVD
NVD
added 2026/07/03 7:16 a.m.8 views

CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS0.00508EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS6AI score0.00508EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.11 views

CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS0.00574EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:18 a.m.9 views

EUVD-2026-41495

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

6AI score0.00508EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:18 a.m.62 views

CVE-2026-9547

The CVE-2026-9547 issue affects libcurl when performing SCP/SFTP transfers with CURLOT_SSH_KEYFUNCTION in the SSH key callback. A host-key type mismatch for a known_hosts entry may be silently accepted, bypassing the intended validation and allowing connections to succeed without warning, which e...

7.4CVSS6AI score0.00508EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/07/03 6:18 a.m.56 views

CVE-2026-9547 SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

0.00508EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 6:18 a.m.4 views

CVE-2026-9547 SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS6.1AI score0.00508EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/03 6:13 a.m.9 views

EUVD-2026-41502

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

6AI score0.00574EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:13 a.m.33 views

CVE-2026-12064

CVE-2026-12064 describes an issue in curl where using a schemeless URL with --proto-default for SFTP/SCP causes the tool layer to skip SSH security configuration (notably CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS ). The libcurl runtime honors the default protocol and proceeds ...

7.5CVSS6AI score0.00574EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/07/03 6:13 a.m.8 views

CVE-2026-12064 proto-default skips SSH verification

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6.2AI score0.00574EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/02 3:43 p.m.4 views

curl: curl: Man-in-the-middle attack via SSH host key bypass

A flaw was found in curl. When a libcurl-based application uses SCP:// or SFTP:// for transfers and employs the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This occurs if the server's host key type differs from the one stored in the knownhosts file. The callback...

7.4CVSS6AI score0.00508EPSS
Exploits1References7
OSV
OSV
added 2026/06/26 8:29 a.m.2 views

SUSE-SU-2026:22376-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260264. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allo...

10CVSS6.7AI score0.01557EPSS
Exploits1References21
Rows per page
Query Builder