Lucene search

14720 matches found

OSV
added 2026/03/26 12:32 p.m. | 3 views

CLSA-2026-1774528369 openssh: Fix of 3 CVEs

- CVE-2018-20685: fix a vulnerability in the scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames
- CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to...

CVSS 6.8 | AI score 7 | EPSS 0.54213
Exploits: 9 | References: 1

GithubExploit
added 2026/03/26 10:22 a.m. | 109 views

Exploit for Argument Injection in Weblate

Weblate — Arbitrary File Read via SSH Host Argument Injection...

CVSS 9.1 | AI score 6 | EPSS 0.00013
Exploits: 3

GithubExploit
added 2026/03/26 10:22 a.m. | 103 views

Exploit for Argument Injection in Weblate

Weblate -- Arbitrary File Read via SSH Host Argument Injection...

CVSS 9.1 | AI score 6 | EPSS 0.00013
Exploits: 3

CISA KEV Catalog
added 2026/03/26 12:0 a.m. | 21 views

Aquasecurity Trivy Embedded Malicious Code Vulnerability

Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory...

CVSS 9.4 | AI score 6.1 | EPSS 0.23896
In wild | Exploits: 2

Tenable Nessus
added 2026/03/26 12:0 a.m. | 1 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0.1)

The version of AHV installed on the remote host is prior to AHV-11.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0.1 advisory. - A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the...

CVSS 8.6 | AI score 5.8 | EPSS 0.01231
Exploits: 15 | References: 18

Github Security Blog
added 2026/03/25 10:6 p.m. | 6 views

n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no

Impact: When the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key,...

CVSS 7.4 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 3 | Affected Software: 1

Snyk
added 2026/03/25 10:6 p.m. | 3 views

Authorization Bypass Through User-Controlled Key

Overview: n8n is a n8n Workflow Automation Tool. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the Source Control feature when configured to use SSH, as the SSH command disables host key verification. An attacker can intercept repository dat...

CVSS 7.4 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/25 6:26 p.m. | 3 views

CVE-2026-33724 n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no

n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...

CVSS 6.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 1

CVE
added 2026/03/25 6:26 p.m. | 10 views

CVE-2026-33724

n8n's CVE-2026-33724 affects the Source Control SSH workflow in n8n before version 2.5.0. When SSH is configured for git operations, the host key verification was disabled, allowing a network attacker between the n8n instance and the remote Git server to present a fraudulent host key and potentia...

CVSS 7.4 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/03/25 4:16 p.m. | 2 views

CVE-2026-20083

A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request. An...

CVSS 6.5 | EPSS 0.00035
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/25 4:7 p.m. | 1 views

CVE-2026-20083

A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request. An...

CVSS 6.5 | AI score 5.9 | EPSS 0.00035
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/25 12:0 a.m. | 1 views

PT-2026-28085

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.5.0. Description: n8n is a workflow automation platform. When the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker...

CVSS 6.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 8

NVD
added 2026/03/24 9:16 p.m. | 2 views

CVE-2026-4433

An SSH misconfiguration exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used...

CVSS 4.8 | EPSS 0.00063
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/24 8:26 p.m. | 1 views

CVE-2026-4433

An SSH misconfiguration exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used...

CVSS 4.8 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 1

OSV
added 2026/03/24 5:53 p.m. | 1 views

MGASA-2026-0066 Updated trilead-ssh2 packages fix security vulnerabilities

CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack...

CVSS 5.9 | AI score 5.8 | EPSS 0.54214
Exploits: 4 | References: 2

Mageia
added 2026/03/24 5:53 p.m. | 3 views

Updated trilead-ssh2 packages fix security vulnerabilities

CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack...

CVSS 5.9 | AI score 6.9 | EPSS 0.54214
Exploits: 4 | References: 1

OSV
added 2026/03/24 4:49 p.m. | 1 views

GHSA-X6W6-2XWP-3JH6 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Summary: The DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file directives (e.g. $INCLUDE) into the zone file that gets written to disk when th...

CVSS 8.8 | AI score 5.9 | EPSS 0.00025
Exploits: 1 | References: 5

OSV
added 2026/03/24 4:32 p.m. | 3 views

CLSA-2026-1774369958 openssh: Fix of CVE-2026-3497

CVE-2026-3497: replace incorrect use of sshpktdisconnect with sshpacketdisconnect and properly initialize variables...

CVSS 7.5 | AI score 7.1 | EPSS 0.00127
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/03/24 4:0 p.m. | 5 views

Malicious code in ssh-common (npm)

Source: amazon-inspector d42bf2b2b77d94173694ed6e952fc5efb2d0de3b04f237f15ffa9470809a321e The package ssh-common was found to contain malicious code...

AI score 5.9
Exploits: 0

OSV
added 2026/03/24 4:0 p.m. | 1 views

MAL-2026-2390 Malicious code in ssh-common (npm)

Source: amazon-inspector d42bf2b2b77d94173694ed6e952fc5efb2d0de3b04f237f15ffa9470809a321e The package ssh-common was found to contain malicious code...

AI score 5.8
Exploits: 0