CVE-2026-1627

An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic...

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

PT-2026-22320

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

SICK LMS1000和SICK MRS1000 安全漏洞

SICK LMS1000 and SICK MRS1000 are products from the German company SICK. SICK LMS1000 is a lidar sensor. SICK MRS1000 is a 3D lidar sensor. Both SICK LMS1000 and SICK MRS1000 have security vulnerabilities. These vulnerabilities stem from the use of an outdated and weak MAC algorithm in the device...

Security update for docker

This update for docker fixes the following issues: CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. bsc1253904 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...

SUSE-SU-2026:0666-1 Security update for docker

This update for docker fixes the following issues: - CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. bsc1253904...

Malicious Package

Overview polyclawd is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

Malicious Package

Overview magichat is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

Malicious Package

Overview polyutil is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

Exploit for Improper Validation of Integrity Check Value in Openbsd Openssh

Terrapin Attack - Manual Exploitation Lab CVE-2023-48795...

CLSA-2026-1771664389 curl: Fix of 2 CVEs

CVE-2025-14524: fix OAuth2 bearer token leak on cross-protocol redirect - CVE-2025-15224: fix libssh public-key auth fallback to SSH agent...

SUSE CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

NewStart CGSL MAIN 6.06 (SP) : openssh Multiple Vulnerabilities (NS-SA-2026-0001)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has openssh packages installed that are affected by multiple vulnerabilities: - In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an...

CLSA-2026-1771501223 curl: Fix of CVE-2025-15079

CVE-2025-15079: fix accepting hosts not present in the specified knownhosts during SSH-based SCP/SFTP transfers when global knownhosts contained them restrict host verification to the specified knownhosts file...

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

Weblate 参数注入漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.16.0 contained a parameter injection vulnerability. This vulnerability stemmed from the SSH management console failing to validate the input when adding SSH host keys,...

PT-2026-20926

Name of the Vulnerable Software and Affected Versions RUCKUS Network Director versions prior to 4.5.0.56 Description RUCKUS Network Director RND OVA appliances include hardcoded SSH keys for the postgres user. These keys are consistent across all deployments. An attacker with network access can u...

Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2026-1441)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1441 advisory. ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The...

CVE-2025-67305

In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

Medium: curl

Issue Overview: curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more. CVE-2025-10966 broken TLS options for threaded LDAPS NOTE:...