CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

73 matches found

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00157EPSS

Exploits0References3

CVE•added 2026/05/25 9:34 a.m.•24 views

CVE-2026-45361

CVE-2026-45361 affects the Apache Airflow Google provider: ComputeEngineSSHHook disables SSH host-key verification by default, allowing an attacker on-path to intercept or modify SSH sessions between an Airflow worker and a Compute Engine VM. The vulnerability is tied to the ComputeEngineSSHHook ...

8.1CVSS5.8AI score0.00598EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/05/25 9:34 a.m.•40 views

CVE-2026-45361 Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default)

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

0.00598EPSS

Exploits0References2

Vulnrichment•added 2026/05/13 3:40 p.m.•5 views

CVE-2026-44467 Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS6AI score0.00135EPSS

Exploits0References1

NVD•added 2026/02/19 12:16 a.m.•6 views

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

9.1CVSS0.00447EPSS

Exploits3References3

CVE•added 2026/02/18 11:5 p.m.•31 views

CVE-2026-24126

CVE-2026-24126 (Weblate) : The SSH host-key management endpoint accepts the admin-supplied host value and forwards it to ssh-keyscan without validation, enabling argument injection and potential arbitrary local-file read by the web server user. Affected: Weblate versions ≤ 5.15.2; Impact: read se...

9.1CVSS5.5AI score0.00447EPSS

Exploits3References3Affected Software1

RedhatCVE•added 2026/01/09 12:29 p.m.•14 views

CVE-2023-40236

In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass...

5.3CVSS7.2AI score0.00387EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:30 a.m.•6 views

CVE-2019-16546

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...

5.9CVSS6.7AI score0.00868EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2008-5103

Malware in sbrugna...

7.5CVSS6.4AI score0.01867EPSS

Exploits0References10

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2013-0038

Malware in sbrugna...

9.3CVSS6.1AI score0.01824EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-2188

Malware in sbrugna...

5.9CVSS5.7AI score0.01382EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•11 views

EUVD-2018-0009

Malware in sbrugna...

7.4CVSS7.3AI score0.01963EPSS

Exploits0References9

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-2955

Malware in sbrugna...

7.1CVSS4.9AI score0.00354EPSS

Exploits0References8

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-44833