44 matches found

RedhatCVE
added 2026/01/24 3:17 a.m. | 4 views

CVE-2026-24058

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

CVSS 9.8 | AI score 5.6 | EPSS 0.00053
Exploits: 0 | References: 1

OSV
added 2026/01/22 10:1 p.m. | 3 views

CVE-2026-24058 Soft Serve has Critical Authentication Bypass

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

CVSS 9.3 | AI score 5.7 | EPSS 0.00053
Exploits: 0 | References: 5

Cvelist
added 2026/01/22 10:1 p.m. | 15 views

CVE-2026-24058 Soft Serve has Critical Authentication Bypass

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

CVSS 9.3 | EPSS 0.00053
Exploits: 0 | References: 3

CNNVD
added 2026/01/22 12:0 a.m. | 0 views

Soft Serve security vulnerability

Soft Serve is a self-hosted command-line Git server developed by Charm. Versions of Soft Serve prior to 0.11.2 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses, allowing attackers to provide the victim’s public key during the SSH handshake phase,...

CVSS 9.8 | AI score 5.8 | EPSS 0.00053
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/21 12:0 a.m. | 3 views

PT-2026-4297

Name of the Vulnerable Software and Affected Versions: Soft Serve versions 0.11.2 and below. Description: Soft Serve, a self-hostable Git server, contains a critical flaw that allows an attacker to impersonate any user, including administrators. This is achieved by presenting the victim's public key...

CVSS 9.3 | AI score 5.4 | EPSS 0.00053
Exploits: 0 | References: 11

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-5086

Malicious code in bioql PyPI...

CVSS 7 | AI score 7.1 | EPSS 0.0043
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/12 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-46712

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 fo...

CVSS 3.7 | AI score 5.5 | EPSS 0.00406
Exploits: 0 | References: 3

OSV
added 2025/07/21 11:51 a.m. | 1 view

USN-7656-1 erlang vulnerabilities

It was discovered that Erlang OTP’s SSH module incorrectly enforced strict KEX handshake hardening measures. A remote attacker able to intercept communications could possibly use this issue to insert optional messages into connections during the handshake. CVE-2025-46712 It was discovered that...

CVSS 4.8 | AI score 6.6 | EPSS 0.00406
Exploits: 0 | References: 3

IBM Security Bulletins
added 2025/06/20 7:25 a.m. | 2 views

Security Bulletin: Erlang/OTP SFTP Packet Size Validation Vulnerability Allows Excessive Memory Allocation

Summary: Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang...

CVSS 7 | AI score 7.6 | EPSS 0.0043
Exploits: 0 | Affected Software: 1

OSV
added 2025/05/08 8:15 p.m. | 1 view

AZL-61744 CVE-2025-46712 affecting package erlang for versions less than 25.3.2.21-1

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

CVSS 3.7 | AI score 5.6 | EPSS 0.00406
Exploits: 0 | References: 1

OSV
added 2025/05/08 8:15 p.m. | 2 views

AZL-61748 CVE-2025-46712 affecting package erlang for versions less than 26.2.5.12-1

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

CVSS 3.7 | AI score 5.6 | EPSS 0.00406
Exploits: 0 | References: 1

OSV
added 2025/02/20 7:15 p.m. | 1 view

AZL-57095 CVE-2025-26618 affecting package erlang for versions less than 25.2-3

Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet si...

CVSS 7 | AI score 5.6 | EPSS 0.0043
Exploits: 0 | References: 1

NVD
added 2025/02/20 7:15 p.m. | 9 views

CVE-2025-26618

Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet si...

CVSS 7 | EPSS 0.0043
Exploits: 0 | References: 4

OSV
added 2025/02/20 7:15 p.m. | 1 view

UBUNTU-CVE-2025-26618

Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet si...

CVSS 7 | AI score 5.7 | EPSS 0.0043
Exploits: 0 | References: 5

Cvelist
added 2025/02/20 7:4 p.m. | 16 views

CVE-2025-26618 SSH SFTP packet size not verified properly in Erlang OTP

Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet si...

CVSS 7 | EPSS 0.0043
Exploits: 0 | References: 2

CVE
added 2025/02/20 7:4 p.m. | 160 views

CVE-2025-26618

CVE-2025-26618 is an Erlang/OTP vulnerability where SSH/SFTP packet handling can lead to excessive memory allocation. The issue occurs after the SSH handshake for authenticated users and is fixed in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. Connected advisories reiterate the memory impact and patch ...

CVSS 7 | AI score 6.2 | EPSS 0.0043
Exploits: 0 | References: 4

Debian CVE
added 2025/02/20 7:4 p.m. | 4 views

CVE-2025-26618

Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet si...

CVSS 7 | AI score 6.2 | EPSS 0.0043
Exploits: 0

GithubExploit
added 2024/07/03 8:22 a.m. | 1146 views

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 ...

CVSS 8.1 | AI score 8.9 | EPSS 0.63835
Exploits: 68

OSV
added 2024/01/26 11:6 a.m. | 2 views

OESA-2024-1104 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 5.9 | AI score 6.7 | EPSS 0.54214
Exploits: 3 | References: 2

OSV
added 2024/01/12 11:6 a.m. | 2 views

OESA-2024-1061 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 5.9 | AI score 6.7 | EPSS 0.54214
Exploits: 3 | References: 2