Lucene search
K

14916 matches found

Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49972

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Agent Next Gen component of the Oracle Enterprise Manager Base Platform. A low privileged attacker wit...

8.8CVSS5.9AI score0.00432EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 11:39 p.m.27 views

CVE-2026-9261

Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

7.6CVSS0.00184EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 9:52 p.m.8 views

Malicious code in twrap-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259 twraptoolkit/init.py defines getpayload which issues a plaintext HTTP request to http://194.5.152.9:8080/hacks/textwrap-toolkit/textwraptoolkit/init....

6.5AI score
Exploits0References2
OSV
OSV
added 2026/06/15 9:52 p.m.4 views

MAL-2026-5841 Malicious code in twrap-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259 twraptoolkit/init.py defines getpayload which issues a plaintext HTTP request to http://194.5.152.9:8080/hacks/textwrap-toolkit/textwraptoolkit/init....

6.6AI score
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/06/15 3:34 p.m.5 views

Security update for kubevirt-1.6

This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. CVE-2025-47913: golang.org/x/crypto/ssh/agent:...

9.9CVSS6.4AI score0.01557EPSS
Exploits3References28
OSV
OSV
added 2026/06/15 3:34 p.m.3 views

SUSE-SU-2026:2401-1 Security update for kubevirt-1.6

This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. - CVE-2025-47913: golang.org/x/crypto/ssh/agent...

9.9CVSS5.2AI score0.01557EPSS
Exploits3References15
SUSE Linux
SUSE Linux
added 2026/06/15 3:34 p.m.12 views

Security update for kubevirt

This update for kubevirt fixes the following issues: Update to version 1.7.4, fixes various go embedded security issues: CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. CVE-2025-47913: golang.org/x/crypto/ssh/agent: clien...

9.9CVSS6.4AI score0.01557EPSS
Exploits3References28
OSV
OSV
added 2026/06/15 3:34 p.m.3 views

SUSE-SU-2026:2400-1 Security update for kubevirt

This update for kubevirt fixes the following issues: Update to version 1.7.4, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. - CVE-2025-47913: golang.org/x/crypto/ssh/agent:...

9.9CVSS7.8AI score0.01557EPSS
Exploits3References15
OSV
OSV
added 2026/06/15 3:9 p.m.8 views

MAL-2026-5784 Malicious code in vaults-monitor-cron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b81c6b9e59e86c40858cb47e91d597b3776fea71def7feb3ca11833625fa3923 On npm install, the package's preinstall hook node postinstall.js || true executes automatically. The script collects hostname, username, and current...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 6:51 a.m.8 views

Malicious code in houzidawang807 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7568d90e7a8d940b5618fa36bccfc2b7fa02ceaa814f0a416d2cc989c685e489 Package advertises itself as 'a simple date formatting utility' but ships an SSH-key-stealing C2 client. postinstall.js enumerates /.ssh for .pub...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/06/13 6:51 a.m.8 views

MAL-2026-5732 Malicious code in houzidawang808 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71d6b96fe99e7f8503cb07df05d6b621dc8e8243fc7288844678d8aff043a654 The package presents itself as a 'simple date formatting utility' index.js exports a trivial formatDate wrapper around toLocaleDateString, but ships ...

5.3AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/12 9:2 p.m.16 views

ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation

Summary The SSH protocol parser trusted attacker-controlled length and count fields without first checking that the declared values fit within the containing packet. When a client connects to a malicious or compromised SSH server, the server can send a small, malformed packet containing an inner...

5.5AI score
Exploits0References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 3:28 p.m.9 views

Malicious code in internallib_v984 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c46879ad94169111411f91b210779628bb14a5d16843ec2bec42bf418affdf8 Package exports a single command function that, when invoked, performs three coordinated attacks against the host: 1 appends a hardcoded...

5.5AI score
Exploits0References7
OSV
OSV
added 2026/06/12 3:4 p.m.7 views

GHSA-24FP-5V3P-RVPW Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection

Summary Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...

8.5CVSS5.6AI score0.00038EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 3:4 p.m.9 views

Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection

Summary Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...

5.6AI score0.00038EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/12 12:27 p.m.8 views

OESA-2026-2668 libwebsockets security update

Libwebsockets LWS is a flexible, lightweight pure C library for implementing modern network protocols easily with a tiny footprint, using a nonblocking event loop. Security Fixes: A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of t...

6.9CVSS5.2AI score0.00429EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:30 a.m.12 views

EUVD-2026-36389

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

8.8CVSS5.5AI score0.0045EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-48859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing...

6.3CVSS5.5AI score0.00354EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.9 views

EulerOS Virtualization 2.13.1 : openssh (EulerOS-SA-2026-2382)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjuncti...

8.2CVSS7.2AI score0.0218EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/11 8:33 p.m.11 views

Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds

SSH message fields were decoded through allocation-first parsers before field-specific bounds Summary Several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH pe...

7.5CVSS6AI score0.00268EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder