EUVD-2026-25716

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...

CVE-2026-7038

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...

EUVD-2026-25715

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...

CVE-2026-7038 tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...

PT-2026-35222

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...

SSH MCP Server 安全漏洞

SSH MCP Server is a tool developed by Tufan Tunç for remotely executing Shell commands via SSH. Versions of SSH MCP Server 1.5.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the improper credential protection in the Command Line Handler component’s src/index.ts...

CLSA-2026-1777038917 subversion: Fix of CVE-2017-9800

CVE-2017-9800: fix arbitrary code execution via crafted svn+ssh:// URLs by validating the decoded hostinfo and adding an end-of-options guard to the default svn+ssh and example rsh tunnel commands...

subversion: Fix of CVE-2017-9800

CVE-2017-9800: fix arbitrary code execution via crafted svn+ssh:// URLs by validating the decoded hostinfo and adding an end-of-options guard to the default svn+ssh and example rsh tunnel commands...

[SECURITY] Fedora 44 Update: opkssh-0.13.0-8.fc44

OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like aliceaexample.com ins tead of long-lived SSH keys...

CLSA-2026-1777040144 subversion: Fix of CVE-2017-9800

CVE-2017-9800: fix arbitrary code execution via crafted svn+ssh:// URLs by validating the decoded hostinfo and adding an end-of-options guard to the default svn+ssh and example rsh tunnel commands...

HTB-Pterodactyl-Writeup

HackTheBox — Pterodactyl Writeup Difficulty: Medium |...

openSUSE 16 Security Update : erlang (openSUSE-SU-2026:20607-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20607-1 advisory. Security issues fixed: - CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote arbitra...

Cisco Identity Services Engine Remote Code Execution Vulnerability (regreSSHion) (cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Identity Services Engine is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Identity Services Engine due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime...

SUSE-SU-2026:21291-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252376. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an...

Malicious code in xinference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...

MAL-2026-3000 Malicious code in xinference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to insecure default SSH server configuration, which advertises weak or deprecated key exchange, MAC, and host key algorithms. An attacker can compromise the confidentiality and integrity o...

GHSA-3M6Q-H5GJ-7MRW Gitea has insecure default SSH settings

Summary The built-in SSH server currently advertises a number of key exchange, MAC, and host key algorithms that are considered weak or broken. The defaults should be tightened so a fresh installation passes a baseline SSH security audit out of the box. Details Running ssh-audit against a default...

uutils coreutils allows unauthorized modification of permissions on existing files

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

CVE-2026-35341

The CVE-2026-35341 entry concerns uutils coreutils mkfifo. The vulnerability arises when mkfifo tries to create a FIFO but a file already exists at the target path; the operation for that path does not terminate and a follow-up set_permissions call executes, changing the existing file’s permissio...