CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

126 matches found

Vulnrichment•added 2026/05/13 9:7 p.m.•3 views

CVE-2026-44423 ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...

6.5CVSS5.9AI score0.00033EPSS

Exploits1References1

Snyk•added 2026/05/06 11:22 p.m.•4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetSession function. An attacker can access sensitive SSH session data belonging to other tenants by providing a valid session UID and authenticating with any user account...

7.1CVSS5.8AI score0.00033EPSS

Exploits1References2

Tenable Nessus•added 2026/01/14 12:0 a.m.•2 views

TencentOS Server 3: libssh (TSSA-2025:0983)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0983 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

8.8CVSS7.1AI score0.00246EPSS

Exploits0References2

RedHat Linux•added 2025/12/10 10:23 a.m.•0 views

libssh: Incorrect Return Code Handling in ssh_kdf() in libssh

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

8.8CVSS5.7AI score0.00246EPSS

Exploits0References4