
2248 matches found

Positive Technologies
added 2026/01/08 12:0 a.m., 5 views

PT-2026-1920

Name of the Vulnerable Software and Affected Versions: KAYSUS KS-WR1200 version 107
Description: KAYSUS KS-WR1200 routers with firmware version 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials root:12345678. The administrator cannot disable these services or...

CVSS 5.4, AI score 6.8, EPSS 0.00295
Exploits: 1, References: 8

CNNVD
added 2026/01/08 12:0 a.m., 4 views

curl security vulnerability

curl is an open source tool from cURL for transferring data from or to a server. A security vulnerability exists in curl that stems from libcurl incorrectly accepting connections to SSH hosts that are not listed in the specified knownhosts file...

CVSS 5.3, AI score 6.3, EPSS 0.00457
Exploits: 1, References: 6

CNNVD
added 2026/01/08 12:0 a.m., 3 views

curl security vulnerability

curl is an open source tool from cURL for transferring data from or to a server. A security vulnerability exists in curl that stems from curl incorrectly using a local SSH proxy for public key authentication...

CVSS 3.1, AI score 6.2, EPSS 0.00413
Exploits: 1, References: 6

CVE
added 2026/01/08 12:0 a.m., 11 views

CVE-2025-68716

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 expose SSH on the LAN with the root account lacking a password, and allow no disable/authentication option via CLI or web GUI. This configuration enables any LAN-adjacent attacker to obtain a root shell and run commands with full privileges. The pu...

CVSS 8.4, AI score 7.6, EPSS 0.00216
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2026/01/08 12:0 a.m., 4 views

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2025-1358)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1358 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

CVSS 7.5, AI score 6.8, EPSS 0.00512
Exploits: 2, References: 12

Vulnrichment
added 2026/01/07 11:9 p.m., 2 views

CVE-2017-20214 FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 Hard-Coded SSH Credentials Vulnerability

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system...

CVSS 9.3, AI score 6.9, EPSS 0.00282
Exploits: 1, References: 5

Cvelist
added 2026/01/07 11:9 p.m., 27 views

CVE-2017-20214 FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 Hard-Coded SSH Credentials Vulnerability

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system...

CVSS 9.3, EPSS 0.00282
Exploits: 1, References: 5

OSV
added 2026/01/07 9:15 p.m., 3 views

CVE-2025-61939

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker...

CVSS 4.4, AI score 5.8, EPSS 0.00241
Exploits: 0, References: 2

NVD
added 2026/01/07 9:15 p.m., 4 views

CVE-2025-61939

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker...

CVSS 8.8, EPSS 0.00241
Exploits: 0, References: 2

Cvelist
added 2026/01/07 7:56 p.m., 21 views

CVE-2025-61939 Columbia Weather Systems MicroServer Improper Restriction of Communication Channel to Intended Endpoints

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker...

CVSS 8.8, EPSS 0.00241
Exploits: 0, References: 2

Vulnrichment
added 2026/01/07 7:56 p.m., 5 views

CVE-2025-61939 Columbia Weather Systems MicroServer Improper Restriction of Communication Channel to Intended Endpoints

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker...

CVSS 8.8, AI score 6.2, EPSS 0.00241
Exploits: 0, References: 2

RedhatCVE
added 2026/01/07 9:11 a.m., 16 views

CVE-2025-1037

By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user-level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allo...

CVSS 7.5, AI score 7, EPSS 0.00125
Exploits: 0, References: 1

Tenable Nessus
added 2026/01/07 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-15224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locall...

CVSS 3.1, AI score 6, EPSS 0.00413
Exploits: 1, References: 3

Positive Technologies
added 2026/01/07 12:0 a.m., 4 views

PT-2026-1835

Name of the Vulnerable Software and Affected Versions: MicroServer, affected versions not specified
Description: An unused function in MicroServer can initiate a reverse SSH connection to a vendor-registered domain without mutual authentication. An attacker with local network access and administrati...

CVSS 8.8, AI score 6.1, EPSS 0.00241
Exploits: 0, References: 8

Vulnrichment
added 2026/01/06 3:52 p.m., 2 views

CVE-2020-36915 Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

CVSS 8.7, AI score 7.5, EPSS 0.0033
Exploits: 1, References: 6

CVE
added 2026/01/06 3:52 p.m., 13 views

CVE-2020-36915

The CVE affects Adtec Digital SignEdje Digital Signage Player v2.08.28, which contains multiple hardcoded default credentials that allow unauthenticated remote access to web, Telnet, and SSH interfaces. This enables attackers to gain root-level access and execute system commands across multiple A...

CVSS 8.7, AI score 7.5, EPSS 0.0033
Exploits: 1, References: 6

UbuntuCve
added 2026/01/06 7:0 a.m., 3 views

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

CVSS 3.1, AI score 6, EPSS 0.00413
Exploits: 1, References: 4

OSV
added 2026/01/06 7:0 a.m., 0 views

UBUNTU-CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

CVSS 5.3, AI score 6, EPSS 0.00457
Exploits: 1, References: 5

UbuntuCve
added 2026/01/06 7:0 a.m., 5 views

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

CVSS 5.3, AI score 6.1, EPSS 0.00457
Exploits: 1, References: 4

OSV
added 2026/01/06 7:0 a.m., 0 views

UBUNTU-CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

CVSS 3.1, AI score 6, EPSS 0.00413
Exploits: 1, References: 5