
2310 matches found

CVE
added yesterday, 6 views

CVE-2026-58423

The CVE-2026-58423 entry concerns Gitea’s LFS authentication: a malformed SSH sub-verb allows unauthorized read access to private repositories. The issue is described as an authentication bypass that can enable read access without credentials, affecting LFS handling in affected Gitea deployments....

CVSS: 7.7, AI score: 5.9
Exploits: 0, References: 4
CVE
added yesterday, 11 views

CVE-2026-9547

CVE-2026-9547 describes an SSH host-validation flaw in libcurl: when a libcurl-based application uses SCP/SFTP with CURLOPT_SSH_KEYFUNCTION, a host key type mismatch may be silently accepted, allowing a connection to succeed without warning and enabling potential man-in-the-middle attacks. The is...

AI score: 6
Exploits: 0, References: 3
EUVD
added yesterday, 5 views

EUVD-2026-41502

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

AI score: 6
Exploits: 0, References: 3
NVD
added 2 days ago, 7 views

CVE-2026-54886

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh ssh_sftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle_data/4 function in ssh_sftpd contains a catch-all clause that accepts channel data of any type. When...

CVSS: 5.3, EPSS: 0.00345
Exploits: 0, References: 5
OSV
added 2 days ago, 3 views

EEF-CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop

Summary: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh ssh_sftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle_data/4 function in ssh_sftpd contains a catch-all clause that accepts channel data of any...

CVSS: 5.3, AI score: 6, EPSS: 0.00345
Exploits: 0, References: 4
Cvelist
added 2 days ago, 31 views

CVE-2026-8482 Information leak in NSRPC client history

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included, 5.0.0 to 5.0.5 included. There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

CVSS: 4.3, EPSS: 0.00212
Exploits: 0, References: 1
EUVD
added 2 days ago, 5 views

EUVD-2026-41271

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included, 5.0.0 to 5.0.5 included. There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00212
Exploits: 0, References: 1
RedHat Linux
added 3 days ago, 6 views

foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

CVSS: 6.5, AI score: 5.7, EPSS: 0.0027
Exploits: 0, References: 4
NVD
added 3 days ago, 7 views

CVE-2026-5142

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

CVSS: 6.5, EPSS: 0.0027
Exploits: 0, References: 6
ATTACKERKB
added 3 days ago, 2 views

CVE-2026-5142

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

CVSS: 6.5, AI score: 5.7, EPSS: 0.0027
Exploits: 0, References: 7
RedHat Linux
added 3 days ago, 5 views

Critical: Red Hat Security Advisory: OpenShift Container Platform 4.14.68 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.68 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

CVSS: 9.8, AI score: 6.9, EPSS: 0.03663
Exploits: 27, References: 11
Cvelist
added 4 days ago, 30 views

CVE-2026-27957 Coolify: Authenticated RCE via command injection in CA certificate management feature

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated command injection vulnerability in the CA Certificate management feature allows any authenticated user to execute arbitrary commands as the configured SSH...

CVSS: 8.8, EPSS: 0.00658
Exploits: 0, References: 1
CVE
added 4 days ago, 9 views

CVE-2026-27957

CVE-2026-27957 affects Coolify prior to 4.0.0-beta.464, where an authenticated command-injection in the CA Certificate management feature lets any authenticated user run arbitrary commands as the configured SSH user on the managed host. This typically enables full compromise of the managed server...

CVSS: 8.8, AI score: 6.1, EPSS: 0.00658
Exploits: 0, References: 1
OSV
added 4 days ago, 2 views

SUSE-SU-2026:2715-1 Security update for podman

This update for podman rebuilds it against the current go security release. - CVE-2026-34986: Update github.com/go-jose/go-jose/v3+v4 dependency bsc1262856. - CVE-2026-39829, CVE-2026-39830, CVE-2026-42508, CVE-2026-46598: Update golang.org/x/crypto/ssh dependency bsc1266125...

CVSS: 9.1, AI score: 6.8, EPSS: 0.00651
Exploits: 0, References: 8
OSSF Malicious Packages
added 4 days ago, 5 views

Malicious code in polymarket-clob-maths (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-clob-maths uses a dropper technique: a postinstall hook fetches a remote bundle from trabalhos-flax.vercel.app and executes a syncSession function that runs a...

AI score: 5.9
Exploits: 0, References: 3
OSV
added 5 days ago, 5 views

PYSEC-2026-323 DB-GPT Absolute Path Traversal vulnerability

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

CVSS: 9.1, AI score: 7.5, EPSS: 0.00769
Exploits: 1, References: 5
Fedora
added 5 days ago, 4 views

[SECURITY] Fedora 43 Update: podman-tui-1.11.2-1.fc43

podman-tui is a terminal user interface for Podman. podman-tui uses the podman.socket service to communicate with the podman environment and SSH to connect to remote podman machines...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00651
Exploits: 1
EUVD
added 2026/06/26 10:53 p.m., 7 views

EUVD-2026-39490

pnpm: Git Fetch Argument Injection via Lockfile resolution.commit...

CVSS: 6.4, AI score: 5.8, EPSS: 0.0018
Exploits: 1, References: 2
OSV
added 2026/06/26 2:13 p.m., 6 views

MAL-2026-6522 Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)

Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213 Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...

AI score: 5.9
Exploits: 0, References: 9
Rockylinux
added 2026/06/26 12:3 p.m., 6 views

buildah security update

An update is available for buildah. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The buildah package provides a tool for facilitating building OCI container...

CVSS: 9.1, AI score: 6.8, EPSS: 0.00728
Exploits: 0