38 matches found
MAL-2026-2827 Malicious code in js-logger-pack (npm)
js-logger-pack is a fake npm logger that the attacker developed openly on the registry over 23 versions across two weeks 2026-04-01 to 2026-04-15. Version 1.1.20, published hours after initial detection, is a re-obfuscation of the same payload with a new hash — same C2, same capabilities. Early...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2026-1355)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally an...
EUVD-2005-2330
Malware in sbrugna...
EUVD-2016-6284
Malware in sbrugna...
EUVD-2022-52065
Malicious code in bioql PyPI...
ROS-20250922-05
The MinIO object storage server vulnerability is related to a client key trust error if the public key matches the sshPublicKey attribute. Exploitation of the vulnerability could allow an attacker acting remotely to bypass authentication and gain unauthorized access to the server. remotely to...
CVE-2025-52983 Junos OS: After removing ssh public key authentication root can still log in
A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines RE, even if the configured public key for root has been removed, remote users which are i...
CVE-2025-52983 Junos OS: After removing ssh public key authentication root can still log in
A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines RE, even if the configured public key for root has been removed, remote users which are i...
GO-2025-3570 SSH public key login without private key challenge if mfa is enabled in jumpserver in github.com/jumpserver/koko in github.com/jumpserver/jumpserver
SSH public key login without private key challenge if mfa is enabled in jumpserver in github.com/jumpserver/koko in github.com/jumpserver/jumpserver...
CVE-2022-4768
A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function addpublickey of the file grouper/publickey.py of the component SSH Public Key Handler. The manipulation of the argument publickeystr leads to injection. It is possible to launch the attack...
CVE-2023-43652
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not used ...
CVE-2024-6580
The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public k...
CVE-2024-6580
CVE-2024-6580 concerns the IPWorks SSH library SFTPServer component. The issue arises when loading an SSH public key or certificate, where the component can be induced to make unintended filesystem or network path requests. Exploitation requires an application calling the SFTPServer to grant user...
PT-2024-37734 · /N · Ipworks Ssh
Name of the Vulnerable Software and Affected Versions: /n software IPWorks SSH versions prior to 22.0.8945 /n software IPWorks SSH versions prior to 24.0.8945 Description: The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path request...
Virtuozzo Hybrid Infrastructure 6.0 Update 1 (6.0.1-76)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover improvements in the compute service, object storage, alerts and monitoring. Additionally, this release delivers stability and security improvements, and addresses issues found in previous releases...
CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver
JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...
CVE-2023-43652
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not used ...
Design/Logic Flaw
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not used ...
CVE-2023-43652 Non-MFA account takeover via using only SSH public key to login in jumpserver
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not used ...
CVE-2023-43652 Non-MFA account takeover via using only SSH public key to login in jumpserver
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not used ...