Cockpit Web Console < 360 - Remote Code Execution

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

Mlflow <2.9.2 - Path Traversal

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. id: CVE-2023-6909 info: name: Mlflow 2.9.2 - Path Traversal author: Hyunsoo-ds severity: high description: | Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. impact: | Successful...

MAL-2026-6524 Malicious code in ts-einkle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa992a8f9afcf95d3c0e35b6abc290ff565b450663f6d43511467cd370eefce8 [email protected] ships a comprehensive installer-side stealer in its main module peer-math.js. On require, syncSession runs a chain packProjectBundle,...

GHSA-W879-237Q-WC7R golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

GHSA-VGWF-H737-FF37 golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

EUVD-2026-31397

golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses...

EUVD-2026-31392

golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS...

GHSA-45GG-VH54-H5M9 golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

EUVD-2026-31394

golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions...

GHSA-Q4H4-GMJ2-QVW2 golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

GHSA-F5WC-C3C7-36MC golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

CVE-2026-50014

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...

CVE-2026-50014

Affected software : pnpm (package manager). Vulnerability context : Prior to versions 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a separator or commit-format validation. In shallow-fetch paths, a malicious lockfile can replace the expe...

CVE-2026-50014 pnpm: Git Fetch Argument Injection via Lockfile resolution.commit

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

PT-2026-52513

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description pnpm passes the git resolution.commit value from the lockfile to the git fetch command without using a -- separator or performing commit-format validation. When git...

Malicious code in leo-auth (npm)

The leo-auth npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

MAL-2026-6432 Malicious code in rstreams-metrics (npm)

The rstreams-metrics npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

CVE-2026-52814

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...