Lucene search
K

103 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago10 views

Coder < 2.29.17 / 2.30.x < 2.32.7 / 2.33.x < 2.33.8 / 2.34.x < 2.34.2 Multiple Vulnerabilities

The version of Coder installed on the remote host is prior to 2.29.17, 2.32.7, 2.33.8, or 2.34.2. It is, therefore, affected by multiple vulnerabilities: - A user-admin role can reset the owner account password, resulting in privilege escalation from user-admin to owner. CVE-2026-55077 - A...

8.7CVSS6.2AI score0.00615EPSS
Exploits0References14
NVD
NVD
added last week6 views

CVE-2026-21901

A NULL Pointer Dereference vulnerability in the management daemon mgd of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting or deactivating a specific SSH configuration parameter to create a Denial of Service DoS. A local high-privileged user configuri...

6.7CVSS0.00166EPSS
Exploits0References2
CVE
CVE
added 2026/07/07 11:55 p.m.16 views

CVE-2026-55427

Coder exposes SSH config injection risk via the config-ssh command: before 2.34.2, 2.33.8, 2.32.7, and 2.29.17, server-supplied values for HostnameSuffix and SSHConfigOptions could be written into ~/.ssh/config without rejecting newlines or restricting directives. This could enable a malicious or...

8.3CVSS6.1AI score0.00466EPSS
Exploits0References6Affected Software1
Hacker One
Hacker One
added 2026/06/26 2:17 p.m.46 views

curl: ssh_config_matches is dead code: unauthorized SSH key reuse

Summary libcurl's SSH connection-reuse guard sshconfigmatches — added for CVE-2022-27782 and reaffirmed by CVE-2023-27538 — is dead code in every release since 7.83.1. It compares sshc-rsa / sshc-rsapub between a new transfer "needle" and a pooled connection, but on both sides those pointers are...

7.7CVSS6.7AI score0.02596EPSS
Exploits2
Hacker One
Hacker One
added 2026/06/08 3:11 a.m.944 views

curl: SSH/SFTP connection reuse can bypass SSH key identity after ssh_config_matches removal

Summary: libcurl's SSH/SFTP connection reuse logic no longer binds a pooled SSH connection to the SSH key identity requested by the new transfer. After sshconfigmatches was removed, urlmatchprotoconfig again has no SSH-specific check for CURLOPTSSHPUBLICKEYFILE or CURLOPTSSHPRIVATEKEYFILE. An...

7.7CVSS7.5AI score0.02596EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/06/03 5:6 a.m.16 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS6AI score0.00247EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/02 10:15 p.m.10 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS6AI score0.00247EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/27 9:13 p.m.19 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS6AI score0.00247EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/27 10:1 a.m.48 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS6AI score0.00247EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/19 1:38 p.m.8 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS6AI score0.00247EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/04 10:5 a.m.9 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS6AI score0.00247EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/04 9:57 a.m.7 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS6AI score0.00247EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/30 4:40 p.m.20 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS5.9AI score0.00247EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/22 8:37 p.m.4 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to insecure default SSH server configuration, which advertises weak or deprecated key exchange, MAC, and host key algorithms. An attacker can compromise the confidentiality and integrity o...

6.3CVSS5.6AI score
Exploits0References3
OSV
OSV
added 2026/04/02 5:16 p.m.6 views

UBUNTU-CVE-2026-35386

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...

8.1CVSS6AI score0.00247EPSS
Exploits0References4
OSV
OSV
added 2026/04/02 4:44 p.m.2 views

CVE-2026-35386

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...

3.6CVSS6.1AI score0.00247EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.8 views

PT-2026-29833

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.3 Description OpenSSH versions before 10.3 may allow command execution through shell metacharacters present in a username specified within a command line. This requires an untrusted username on the command line and...

8.1CVSS6.7AI score0.00419EPSS
Exploits0References62
Github Security Blog
Github Security Blog
added 2026/03/25 10:6 p.m.17 views

n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no

Impact When the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key,...

7.4CVSS5.8AI score0.00288EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 6:26 p.m.4 views

CVE-2026-33724 n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no

n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...

6.3CVSS5.8AI score0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 6:26 p.m.28 views

CVE-2026-33724

The CVE-2026-33724 affects n8n (open-source workflow automation platform). Before version 2.5.0, when Source Control was configured to use SSH, the git operations used by SSH explicitly disabled host-key verification. This allowed a network attacker between the n8n instance and the remote Git ser...

7.4CVSS5.8AI score0.00288EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder