RockyLinux 8 : openssh (RLSA-2025:23481)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23481 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in ssh://...

EulerOS Virtualization 2.13.0 : libssh (EulerOS-SA-2025-2584)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to...

Moderate: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Moderate: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand

A flaw was found in OpenSSH where the SSH client accepted \0 null characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up...

Moderate: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVE-2025-67737

AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a...

RHEL 8 : openssh (RHSA-2025:23481)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23481 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

RHEL 9 : openssh (RHSA-2025:23480)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23480 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

RHEL 10 : openssh (RHSA-2025:23479)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23479 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

ALSA-2025:23481 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand...

Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand...

Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand...

ALSA-2025:23479 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand...

EUVD-2024-55332

Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling...

CVE-2025-67511

Cybersecurity AI CAI is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the runsshcommandwithcredentials function, which is available to AI agents. Only password and command...

CVE-2024-58300 Siklu MultiHaul TG Series < 2.0.0 Unauthenticated Credential Disclosure Vulnerability

Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling...

EulerOS 2.0 SP13 : openssh (EulerOS-SA-2025-2526)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to...

EUVD-2025-202335

Cybersecurity AI CAI is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the runsshcommandwithcredentials function, which is available to AI agents. Only password and command...

CVE-2025-67511 Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool

Cybersecurity AI CAI is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the runsshcommandwithcredentials function, which is available to AI agents. Only password and command...