Lucene search

2248 matches found

RedhatCVE
added 2026/01/09 10:58 a.m., 3 views

CVE-2025-68718

KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials root:12345678. The administrator cannot disable these services or change the hardcoded password. Changing the management GUI password does not affect SSH/TELNET...

CVSS 5.4, AI score 7.2, EPSS 0.00295
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 10:58 a.m., 4 views

CVE-2025-68716

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to...

CVSS 8.4, AI score 7.9, EPSS 0.00216
Exploits: 0, References: 1

OSV
added 2026/01/08 9:15 p.m., 6 views

CVE-2025-68716

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to...

CVSS 8.4, AI score 6, EPSS 0.00216
Exploits: 0, References: 3

NVD
added 2026/01/08 9:15 p.m., 6 views

CVE-2025-68718

KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials root:12345678. The administrator cannot disable these services or change the hardcoded password. Changing the management GUI password does not affect SSH/TELNET...

CVSS 5.4, EPSS 0.00295
Exploits: 1, References: 3

OSV
added 2026/01/08 1:15 p.m., 4 views

CVE-2025-62877

Projects using the SUSE Virtualization Harvester environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is...

CVSS 9.8, AI score 5.8, EPSS 0.00473
Exploits: 0, References: 2

Snyk
added 2026/01/08 10:45 a.m., 2 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication via the CURLSSH_AUTH_AGENT flag for public key authentication. An attacker can gain unauthorized access by leveraging a locally running SSH agent to bypass the intended key passphrase requirement. Note: This issue...

CVSS 4.7, AI score 5.8, EPSS 0.00413
Exploits: 1, References: 2

NVD
added 2026/01/08 10:15 a.m., 4 views

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file...

CVSS 5.3, EPSS 0.00457
Exploits: 1, References: 4

OSV
added 2026/01/08 10:15 a.m., 3 views

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

CVSS 3.1, AI score 5.5, EPSS 0.00413
Exploits: 1, References: 4

OSV
added 2026/01/08 10:15 a.m., 3 views

ALPINE-CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

CVSS 3.1, AI score 6.1, EPSS 0.00413
Exploits: 1, References: 1

CVE
added 2026/01/08 10:8 a.m., 18 views

CVE-2025-15224

CVE-2025-15224: The curl/libcurl implementation used for SSH-based transfers (SCP/SFTP) can incorrectly authenticate via a locally running SSH agent when public-key authentication is requested. This (libssh backend) behavior allows bypassing intended agent prompts and may enable unintended authe...

CVSS 3.1, AI score 6.3, EPSS 0.00413
Exploits: 1, References: 4, Affected Software: 1

AlpineLinux
added 2026/01/08 10:8 a.m., 3 views

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

CVSS 3.1, AI score 6.6, EPSS 0.00413
Exploits: 1, References: 4

Vulnrichment
added 2026/01/08 10:8 a.m., 5 views

CVE-2025-15079 libssh global known_hosts override

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file...

AI score 6.5, EPSS 0.00457
Exploits: 1, References: 3

CVE
added 2026/01/08 10:8 a.m., 26 views

CVE-2025-15079

CVE-2025-15079 affects curl/libcurl when using SSH-based transfers (SCP/SFTP) with a libssh backend. The vulnerability arises in known_hosts handling: even if a per-file known_hosts is used, connections could be accepted for hosts not present in that file if they are recognized in the libssh glob...

CVSS 5.3, AI score 6.2, EPSS 0.00457
Exploits: 1, References: 4, Affected Software: 1

AlpineLinux
added 2026/01/08 10:8 a.m., 5 views

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file...

CVSS 5.3, AI score 6.5, EPSS 0.00457
Exploits: 1, References: 4

Tenable Nessus
added 2026/01/08 12:0 a.m., 4 views

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2025-1358)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1358 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

CVSS 7.5, AI score 6.8, EPSS 0.00512
Exploits: 2, References: 12

Vulnrichment
added 2026/01/08 12:0 a.m., 2 views

CVE-2025-68716

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to...

AI score 7.6, EPSS 0.00216
Exploits: 0, References: 3

CNNVD
added 2026/01/08 12:0 a.m., 4 views

KAYSUS KS-WR1200 Security Vulnerability

The KAYSUS KS-WR1200 is a wireless router from the Chinese company KAYSUS. A security vulnerability exists in the KAYSUS KS-WR1200 version 107, which originates from exposing SSH and TELNET services on the LAN interface with hard-coded credentials, which could lead to an attacker logging in with...

CVSS 5.4, AI score 6.7, EPSS 0.00295
Exploits: 1, References: 3

CNNVD
added 2026/01/08 12:0 a.m., 4 views

KAYSUS KS-WR3600 Security Vulnerability

The KAYSUS KS-WR3600 is a wireless router from the Chinese company KAYSUS. A security vulnerability exists in the KAYSUS KS-WR3600, which stems from the SSH service being enabled by default and the root account not having a password, which could lead to arbitrary command execution...

CVSS 8.4, AI score 7.1, EPSS 0.00216
Exploits: 0, References: 3

Positive Technologies
added 2026/01/08 12:0 a.m., 5 views

PT-2026-1668

Name of the Vulnerable Software and Affected Versions: FLIR Thermal Camera F/FC/PT/D version 8.0.0.64. Description: The FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 includes hard-coded SSH credentials that cannot be altered through standard camera settings. This allows attackers to obtain...

CVSS 9.3, AI score 6.6, EPSS 0.00282
Exploits: 1, References: 7

Positive Technologies
added 2026/01/08 12:0 a.m., 4 views

PT-2026-1918

Name of the Vulnerable Software and Affected Versions: KAYSUS KS-WR3600 version 1.0.5.9.1. Description: KAYSUS KS-WR3600 routers with firmware version 1.0.5.9.1 have the SSH service enabled by default on the LAN interface. The root account is configured without a password, and administrators are...

CVSS 8.4, AI score 7.2, EPSS 0.00216
Exploits: 0, References: 9