71 matches found
CVE-2026-45361 Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default)
Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...
CVE-2026-45361
CVE-2026-45361 affects the Apache Airflow Google provider: ComputeEngineSSHHook disables SSH host-key verification by default, allowing an attacker on-path to intercept or modify SSH sessions between an Airflow worker and a Compute Engine VM. The vulnerability is tied to the ComputeEngineSSHHook ...
CVE-2026-44467 Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without comparing the server's...
CVE-2026-24126
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...
CVE-2026-24126
CVE-2026-24126 (Weblate): The SSH host-key management endpoint accepts the admin-supplied host value and forwards it to ssh-keyscan without validation, enabling argument injection and potential arbitrary local-file read by the web server user. Affected: Weblate versions ≤ 5.15.2; Impact: read se...
CVE-2023-40236
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass...
CVE-2019-16546
Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...
EUVD-2018-2955
Malware in sbrugna...
EUVD-2008-5103
Malware in sbrugna...
EUVD-2018-0009
Malware in sbrugna...
EUVD-2019-2188
Malware in sbrugna...
EUVD-2013-0038
Malware in sbrugna...
EUVD-2022-5238
Malicious code in bioql PyPI...
EUVD-2023-44833
Malicious code in bioql PyPI...
EUVD-2022-2102
Malicious code in bioql PyPI...
EUVD-2022-6320
Malicious code in bioql PyPI...
EUVD-2022-52258
Malicious code in bioql PyPI...
EUVD-2022-4923
Malicious code in bioql PyPI...
Cisco Nexus Dashboard Fabric Controller Trust Management Issues Vulnerability
The Cisco Nexus Dashboard Fabric Controller is a comprehensive network management platform from Cisco for managing Cisco NX-OS deployments for LAN, SAN, and IP Fabric for Media (IPFM) networks in data centers. A trust management issue vulnerability exists in Cisco Nexus Dashboard Fabric Controller...
CVE-2025-20163 Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability
A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by...