OpenSSH security update (CVE-2025-61985)

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...

CVE-2026-24126 Weblate has an argument injection in management console

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

CVE-2026-24126

CVE-2026-24126 (Weblate) : The SSH host-key management endpoint accepts the admin-supplied host value and forwards it to ssh-keyscan without validation, enabling argument injection and potential arbitrary local-file read by the web server user. Affected: Weblate versions ≤ 5.15.2; Impact: read se...

CVE-2026-24126 Weblate has an argument injection in management console

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

CVE-2026-2618

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

CVE-2026-2617

A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made publ...

CVE-2026-23647

Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded...

[SECURITY] Fedora 42 Update: libssh-0.11.4-1.fc42

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, trans fer files, use a secure and transparent tunnel for your remote...

Low: openssh

Issue Overview: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file....

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1.3)

The version of AHV installed on the remote host is prior to AHV-10.3.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1.3 advisory. - A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function...

CVE-2026-2618 Beetel 777VR1 SSH Service risky encryption

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

CVE-2026-2617

A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made publ...

CVE-2026-2617 Beetel 777VR1 Telnet Service/SSH Service insecure default initialization of resource

A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made publ...

CVE-2026-2617

CVE-2026-2617 affects Beetel 777VR1 up to version 01.00.09, with a vulnerability in the Telnet Service/SSH Service causing insecure default initialization of a resource. Impact details in the connected sources indicate the issue is exploitable from the local network, and exploitation has been pub...

SUSE: Security Advisory (SUSE-SU-2026:0559-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Beetel 777VR1 安全漏洞

Beetel 777VR1 is a router produced by the Beetel company. Versions of Beetel 777VR1 starting from 01.00.09 and earlier have a security vulnerability. This vulnerability stems from the insecure default initialization of resources in the Telnet Service/SSH Service components...

PT-2026-20336

Name of the Vulnerable Software and Affected Versions Beetel 777VR1 versions prior to 01.00.10 Description A security issue exists in the SSH Service component of Beetel 777VR1. The issue involves the use of risky cryptographic algorithms and is potentially exploitable remotely. The exploitabilit...

CVE-2025-32063

There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server...

Advisory ROSA-SA-2026-3152

Software: libssh 0.9.6 OS: ROSA Virtualization 3.1 unaffected versions = libssh-0.9.6-16.rv31 affected versions libssh-0.9.6-16.rv31 CVE-ID: CVE-2025-5318 BDU-ID: 2025-09008 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the sftphandle function of the LibSSH library involves reading data outside ...

CVE-2025-32063 Enabling SSH server on Infotainment ECU

There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server...