EUVD-2025-209397

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

RHEL 9 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RHSA-2026:7384)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7384 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELin...

RHEL 9 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RHSA-2026:7382)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7382 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELin...

JLSEC-2026-78

OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters...

JLSEC-2026-68

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

JLSEC-2026-64

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

JLSEC-2026-69

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS11-hosted private keys, these constraints are only applied to the first key, even if a PKCS11 token returns multiple keys...

JLSEC-2026-71

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

CVE-2025-13914

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

CVE-2026-35632

OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to arbitrary files,...

CVE-2026-35632 OpenClaw <= 2026.2.22 - Symlink Traversal via IDENTITY.md appendFile in agents.create/update

OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to arbitrary files,...

MAL-2026-2527 Malicious code in sjs-biginteger (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...

Malicious code in sjs-lint-build1 (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...

PT-2026-31796

Name of the Vulnerable Software and Affected Versions Juniper Networks Apstra versions prior to 6.1.1 Description A Key Exchange without Entity Authentication issue exists in the SSH implementation of Juniper Networks Apstra. This allows an unauthenticated, man-in-the-middle MITM attacker to...

PT-2026-31607

Disclosure from our research team at Pentest-Tools.com "It's just dev mode" is doing a lot of heavy lifting here. FuelCMS has no enforced access control on the add git submodule installer function. Dev mode on, git over SSH enabled, a valid .git directory in the root: any authenticated user can...

Juniper Networks Apstra 安全漏洞

Juniper Networks Apstra is a data center network automation and intent-driven management platform developed by Juniper Networks. Versions of Juniper Networks Apstra prior to 6.1.1 contained security vulnerabilities, which were due to insufficient SSH host key verification. These vulnerabilities...

PT-2026-31767

Name of the Vulnerable Software and Affected Versions OpenClaw versions through 2026.2.22 Description OpenClaw through version 2026.2.22 has a symlink traversal issue in the agents.create and agents.update handlers. These handlers use fs.appendFile on IDENTITY.md without proper symlink containmen...

Important: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

CVE-2026-35452

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...

CVE-2026-22682

OpenHarness CVE-2026-22682 affects the built-in file tools. The root cause is inconsistent parameter handling in permission enforcement, specifically that the path parameter is not passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools. This allows attackers ...