CVE-2026-46598

creationtimestamp| type| source ---|---|--- 2026-05-22 06:15:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmgbtjxtaj2k...

CVE-2026-39834

creationtimestamp| type| source ---|---|--- 2026-05-22 06:13:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmgbqtk4sl2c...

CVE-2026-6391

creationtimestamp| type| source ---|---|--- 2026-05-22 05:32:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mmg7gqbumh2l...

Incorrect Authorization

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of permissions in the VerifiedPublicKeyCallback process. An attacker can bypass source-address validation by passing a callback type...

Incorrect Authorization

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of permissions in the VerifiedPublicKeyCallback process. An attacker can bypass source-address validation by passing a callback...

CVE-2026-46595

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

CVE-2026-34911

creationtimestamp| type| source ---|---|--- 2026-05-22 04:00:50+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmg2dhtakh2s 2026-05-26 16:30:06+00:00| seen| https://t.me/truesecator/8245 2026-05-27 06:38:42+00:00| seen|...

CVE-2026-8327

creationtimestamp| type| source ---|---|--- 2026-05-22 02:53:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmfwkatib32o...

CVE-2026-8245

creationtimestamp| type| source ---|---|--- 2026-05-22 02:48:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmfwclbti72p...

CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

CVE-2026-46595

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

CVE-2026-46595

CVE-2026-46595 affects golang.org/x/crypto/ssh. The issue arises when VerifiedPublicKeyCallback is invoked with a callback type other than public key, causing the source-address validation to be bypassed and enabling an authorization bypass. The description notes this is a continuation of CVE-202...

SUSE CVE-2026-43501

In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...

SUSE CVE-2026-44071

Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFYSOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught and safely terminated by runtime protection...

GO-2026-5023 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

angr 9.2.217

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

Unity Linux 20.1070e Security Update: wildfly-elytron (UTSA-2026-016747)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016747 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: mybatis (UTSA-2026-016735)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016735 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: netty (UTSA-2026-016738)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016738 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Arm NN 安全漏洞

Arm NN is an open-source machine learning inference engine optimized for the Arm architecture, developed by Arm Software. Versions of Arm NN prior to 2026-03-27 contained a security vulnerability. This vulnerability stemmed from integer overflow in the TensorShape::GetNumElements function, which...