CVE-2026-1102

CVE-2026-1102 affects GitLab CE/EE. Affected are all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2. The issue allowed an unauthenticated user to trigger a denial-of-service condition by sending repeated malformed SSH authentication requests. Remediation is in the pa...

Authentication Bypass by Alternate Name

Overview Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name via the SSH authentication process. An attacker can gain unauthorized access and impersonate any user, including administrative accounts, by presenting a victim's public key during the SSH handsha...

FreeBSD : oauth2-proxy -- multiple vulnerabilities (fb561db9-0fc1-4d92-81a2-ee01839c9119)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fb561db9-0fc1-4d92-81a2-ee01839c9119 advisory. Within HostnameError.Error, when constructing an error string, there is no limit to the number...

USN-7956-1: Google Guest Agent vulnerability

Jakub Ciolek discovered that the Go Cryptography module included in Google Guest Agent did not validate GSSAPI authentication requests during SSH operations. An attacker could possibly use this issue to cause a denial of service...

CVE-1999-0787

The SSH authentication agent follows symlinks via a UNIX domain socket...

CURL-CVE-2025-15224 libssh key passphrase bypass without agent set

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

Medium: containerd

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

curl: CVE-2025-15224: libssh key passphrase bypass without agent set

A vulnerability was discovered in the libcurl libssh backend where the CURLOPTSSHAUTHTYPES option did not properly implement the CURLSSHAUTHAGENT flag. As a result, if the CURLSSHAUTHPUBLICKEY option was set, the implementation would act as if CURLSSHAUTHAGENT was always defined, allowing...

golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

Abilis CPX 安全漏洞

Abilis CPX is a software platform for a range of, voice and data network management equipment from Abilis, Italy. A security vulnerability exists in Abilis CPX that originates from the ability to log into a restricted shell after three failed SSH authentication attempts, which could lead to a...

CVE-2025-11534

The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials...

EUVD-1999-0768

Malware in sbrugna...

EUVD-2021-12568

Malware in sbrugna...

EUVD-2021-27306

Malware in sbrugna...

EUVD-2018-13342

Malware in sbrugna...

EUVD-2021-22989

Malware in sbrugna...

EUVD-2017-18557

Malware in sbrugna...

EUVD-2006-6591

Malware in sbrugna...

EUVD-2019-10399

Malware in sbrugna...

EUVD-2025-6285

Malicious code in bioql PyPI...