Lucene search
K

200 matches found

CVE
CVE
added yesterday17 views

CVE-2026-12064

CVE-2026-12064 affects curl versions including 7.81.0 prior to 8.21.0. When using a schemeless URL with --proto-default for SFTP/ SCP, the tool layer fails to initialize SSH host verification options (CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS) while libcurl proceeds with the c...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/24 8:0 a.m.9 views

CURL-CVE-2026-12064 proto-default skips SSH verification

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

6AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:46 p.m.2 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00182EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/22 12:46 p.m.8 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00182EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/16 12:34 a.m.7 views

EUVD-2026-37018

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References5
NVD
NVD
added 2026/06/16 12:16 a.m.10 views

CVE-2026-9258

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

9.8CVSS0.00267EPSS
Exploits0References4
CVE
CVE
added 2026/05/25 9:34 a.m.30 views

CVE-2026-45361

CVE-2026-45361 affects the Apache Airflow Google provider: ComputeEngineSSHHook disables SSH host-key verification by default, allowing an attacker on-path to intercept or modify SSH sessions between an Airflow worker and a Compute Engine VM. The vulnerability is tied to the ComputeEngineSSHHook ...

8.1CVSS5.8AI score0.0059EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/25 9:34 a.m.47 views

CVE-2026-45361 Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default)

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

0.0059EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/21 12:41 p.m.7 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS6AI score0.0138EPSS
Exploits6References7
NVD
NVD
added 2026/05/20 8:16 p.m.15 views

CVE-2026-24218

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS0.00586EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 5:43 p.m.86 views

CVE-2026-24218

CVE-2026-24218 affects NVIDIA DGX OS. The vulnerability arises during factory provisioning: cloning a base image deploys identical SSH host keys across multiple systems, enabling host impersonation or attacker-in-the-middle attacks. Consequences listed include potential code execution, data tampe...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/20 5:43 p.m.10 views

CVE-2026-24218

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 5:43 p.m.11 views

CVE-2026-24218

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/20 5:43 p.m.17 views

EUVD-2026-31142

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/20 2:29 p.m.18 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS5.8AI score0.0138EPSS
Exploits6References7
Vulnrichment
Vulnrichment
added 2026/05/13 3:40 p.m.7 views

CVE-2026-44467 Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS6AI score0.00135EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.7 views

RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3143)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3143 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 Note that Nessus has not tested for thi...

5.9CVSS5.8AI score0.01394EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.5 views

RHCOS 3 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:3811)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3811 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 - kubernetes: Incomplete fixes...

7.5CVSS6AI score0.25939EPSS
Exploits4References10
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift kube-apiserver (RHSA-2019:2989)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2989 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 - containers/image: not...

6.4CVSS5.8AI score0.01604EPSS
Exploits0References7
NVD
NVD
added 2026/02/19 12:16 a.m.10 views

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

9.1CVSS0.00447EPSS
Exploits3References3
Rows per page
Query Builder