39 matches found
CVE-2026-46427
Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...
EUVD-2026-32595
Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...
CLSA-2026-1779467653 libssh: Fix of 4 CVEs
CVE-2025-4877: prevent base64 integer overflow and potential OOB write - CVE-2025-4878: initialize stack pointers to mitigate use of uninitialized values in legacy privatekey_from_file path - CVE-2025-8277: fix DH-GEX packet filter and free unused ephemeral / ECDH keys to prevent memory exhaustion...
Astra Linux - vulnerability in libssh
A vulnerability was discovered in libssh, where an uninitialized variable exists under certain conditions within the privatekey_from_file function. This flaw can be exploited if the file specified by the filename does not exist, and it may lead to potential signing failures or heap corruption...
OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get
Summary OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: v2026.3.28 still models Nostr privateKey as plain string so config views can expose it, and the secret-schema f...
Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.311 Vulnerability Details CVEID:CVE-2025-4878 DESCRIPTION: A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file function...
Unity Linux 20.1070e Security Update: libssh (UTSA-2025-991268)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991268 advisory. A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file function. This flaw can be triggered i...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libssh (UTSA-2025-990958)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990958 advisory. A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file function. This flaw can be triggered i...
EulerOS 2.0 SP10 : libssh (EulerOS-SA-2025-2392)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash...
EulerOS 2.0 SP12 : libssh (EulerOS-SA-2025-2363)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf function responsible for key derivation...
EulerOS 2.0 SP13 : libssh (EulerOS-SA-2025-2299)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file function. This flaw...
OESA-2025-2294 libssh security update
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
Medium: libssh
Issue Overview: The privatekey_from_file uses an uninitialized variable under certain conditions, such as if the file specified by the filename argument doesn't exist. This causes the code to return an invalid private key. This defect, in turn, might cause signing failure. The bug might also cause ...
Amazon Linux 2023 : libssh, libssh-config, libssh-devel (ALAS2023-2025-1155)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1155 advisory. The privatekey_from_file uses an uninitialized variable under certain conditions, such as if the file specified by the filename argument doesn't exist. This causes the code to return an invalid...
Libssh: use of uninitialized variable in privatekey_from_file()
...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : libssh vulnerabilities (USN-7696-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7696-1 advisory. Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-5372: ssh_kdf returns a success code on certain failures bsc1245314 CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend bsc1245317 CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions...
USN-7696-1: libssh vulnerabilities
Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...
CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...