SUSE CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

Security Bulletin: Unexpected SSH_AGENT_SUCCESS Response Causes Client Panic and Premature Termination in SSH Client, affects watsonx.data

Summary SH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response wi...

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-1602)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.Thi...

EulerOS 2.0 SP12 : curl (EulerOS-SA-2026-1386)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally an...

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2026-1552)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that...

EulerOS 2.0 SP12 : curl (EulerOS-SA-2026-1355)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally an...

EulerOS 2.0 SP10 : curl (EulerOS-SA-2026-1331)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP,...

Tp-Link AX53 v1.0 SSH Hostkey misconfiguration vulnerability

Talos Vulnerability Report TALOS-2025-2291 Tp-Link AX53 v1.0 SSH Hostkey misconfiguration vulnerability March 16, 2026 CVE Number CVE-2025-62501 SUMMARY A misconfiguration vulnerability exists in the SSH Hostkey functionality of Tp-Link AX53 v1.0 1.3.1 Build 20241120 rel.549015553. A specially...

OESA-2026-1563 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

OESA-2026-1561 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

OESA-2026-1560 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

OESA-2026-1559 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

Linux Distros Unpatched Vulnerability : CVE-2026-23943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletio...

Linux Distros Unpatched Vulnerability : CVE-2026-23942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerabili...

`tracing-ethers` was removed from crates.io due to malicious code

The tracing-ethers crate attempted to exfiltrate ssh keys to an app hosted on vercel.app The malicious crate had 9 version published on 2026-03-09 approximately 5 days before removal and had no evidence of actual downloads. There were no crates depending on this crate on crates.io. Thanks to the...

CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

CVE-2026-22209

thingino-firmware up to commit e3f6a41 published on 2026-03-15 contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter...

CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...