Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.1.13-0 Update translation strings uyuni-tools: Version 5.1.26-0 Fix applying PTF with images from RPMs bsc1252548 Ssl Key file can miss if CA password is blank bsc1254154 mgrpxy ssh tuning should happens before crypto policies bsc1254619...

goshs 路径遍历漏洞

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained a path traversal vulnerability. This vulnerability stemmed from the SFTP subsystem’s sanitizePath function, which used prefix-based path validation. As a result,...

PT-2026-33975

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

Ericsson Erlang 安全漏洞

Ericsson Erlang is a general-purpose concurrent programming language developed by the Swedish company Ericsson. There is a security vulnerability in Ericsson Erlang, which stems from improper path restrictions in the sshsftpd module. This vulnerability allows authenticated SFTP users to modify fi...

PT-2026-33978

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

Debian dla-4535 : openssh-client - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4535 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4535-1 [email protected] https://www.debian.org/lts/security/...

Exploit for CVE-2026-4631

CVE-2026-4631 — Code Analysis Cockpit: Unauthenticated Rem...

CVE-2026-31927 Anviz CX7 Firmware Relative Path Traversal

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...

ctf-writeups-Doli1

🛡️ Doli 1 — CTF Writeup VulnHub VAPT Report For...

RHEL 10 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RHSA-2026:7383)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7383 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

Oracle Linux 9 : cockpit: / Unauthenticated / remote / code / execution / due / to / SSH / command-line / argument / injection / (CRITICAL) (ELSA-2026-7384)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7384 advisory. 344-2.0.1 - Storage: Enable btrfs support Orabug: 37464632 - Replaced upstream urls in documentation with oracle links Orabug: 36528753 - Drop...

Photon OS 4.0: Openssh PHSA-2026-4.0-0985

An update of the openssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0985. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

[SECURITY] Fedora 44 Update: ksshaskpass-6.6.4-1.fc44

A ssh-add helper that uses kwallet and kpassworddialog...

MGASA-2026-0099 Updated cockpit-338 packages fix security vulnerability

Unauthenticated remote code execution due to ssh command-line argument injection. CVE-2026-4631...

CLSA-2026-1776262694 Fix CVE(s): CVE-2026-0968

SECURITY UPDATE: null pointer dereference and out-of-bounds read in sftpparselongname when processing malformed SSHFXPNAME messages - debian/patches/CVE-2026-0968.patch: add null check, input validation, and end-of-string guards in sftpparselongname - CVE-2026-0968...

[SECURITY] Fedora 43 Update: NetworkManager-ssh-1.4.4-1.fc43

This package contains software for integrating VPN capabilities with the OpenSSH server with NetworkManager...

MAL-2026-2911 Malicious code in terminal-formatter (npm)

terminal-formatter is a malicious npm package that when installed postinstall-hook or imported sends local env variables, files and bash history to https://ghostraper.top and registers a new ssh key in .ssh/authorizedkeys. --- -= Per source details. Do not edit below this line.=- Source:...

Malicious code in terminal-formatter (npm)

terminal-formatter is a malicious npm package that when installed postinstall-hook or imported sends local env variables, files and bash history to https://ghostraper.top and registers a new ssh key in .ssh/authorizedkeys. --- -= Per source details. Do not edit below this line.=- Source:...

Fedora: Security Advisory (FEDORA-2026-3aebe19127)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 43 : NetworkManager-ssh (2026-3aebe19127)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3aebe19127 advisory. Add sshpass -P prompt ---- Fix CVE-2025-9615 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...