14916 matches found
PT-2026-49972
Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Agent Next Gen component of the Oracle Enterprise Manager Base Platform. A low privileged attacker wit...
CVE-2026-9261
Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
Malicious code in twrap-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259 twraptoolkit/init.py defines getpayload which issues a plaintext HTTP request to http://194.5.152.9:8080/hacks/textwrap-toolkit/textwraptoolkit/init....
MAL-2026-5841 Malicious code in twrap-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259 twraptoolkit/init.py defines getpayload which issues a plaintext HTTP request to http://194.5.152.9:8080/hacks/textwrap-toolkit/textwraptoolkit/init....
Security update for kubevirt-1.6
This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. CVE-2025-47913: golang.org/x/crypto/ssh/agent:...
SUSE-SU-2026:2401-1 Security update for kubevirt-1.6
This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. - CVE-2025-47913: golang.org/x/crypto/ssh/agent...
Security update for kubevirt
This update for kubevirt fixes the following issues: Update to version 1.7.4, fixes various go embedded security issues: CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. CVE-2025-47913: golang.org/x/crypto/ssh/agent: clien...
SUSE-SU-2026:2400-1 Security update for kubevirt
This update for kubevirt fixes the following issues: Update to version 1.7.4, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. - CVE-2025-47913: golang.org/x/crypto/ssh/agent:...
MAL-2026-5784 Malicious code in vaults-monitor-cron (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b81c6b9e59e86c40858cb47e91d597b3776fea71def7feb3ca11833625fa3923 On npm install, the package's preinstall hook node postinstall.js || true executes automatically. The script collects hostname, username, and current...
Malicious code in houzidawang807 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7568d90e7a8d940b5618fa36bccfc2b7fa02ceaa814f0a416d2cc989c685e489 Package advertises itself as 'a simple date formatting utility' but ships an SSH-key-stealing C2 client. postinstall.js enumerates /.ssh for .pub...
MAL-2026-5732 Malicious code in houzidawang808 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71d6b96fe99e7f8503cb07df05d6b621dc8e8243fc7288844678d8aff043a654 The package presents itself as a 'simple date formatting utility' index.js exports a trivial formatDate wrapper around toLocaleDateString, but ships ...
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
Summary The SSH protocol parser trusted attacker-controlled length and count fields without first checking that the declared values fit within the containing packet. When a client connects to a malicious or compromised SSH server, the server can send a small, malformed packet containing an inner...
Malicious code in internallib_v984 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c46879ad94169111411f91b210779628bb14a5d16843ec2bec42bf418affdf8 Package exports a single command function that, when invoked, performs three coordinated attacks against the host: 1 appends a hardcoded...
GHSA-24FP-5V3P-RVPW Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection
Summary Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...
Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection
Summary Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...
OESA-2026-2668 libwebsockets security update
Libwebsockets LWS is a flexible, lightweight pure C library for implementing modern network protocols easily with a tiny footprint, using a nonblocking event loop. Security Fixes: A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of t...
EUVD-2026-36389
The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...
Linux Distros Unpatched Vulnerability : CVE-2026-48859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing...
EulerOS Virtualization 2.13.1 : openssh (EulerOS-SA-2026-2382)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjuncti...
Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds
SSH message fields were decoded through allocation-first parsers before field-specific bounds Summary Several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH pe...