CVE-2024-12866

A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration...

CVE-2024-12390

A vulnerability in binary-husky/gptacademic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exploited to perform arbitrary file writes. Th...

CVE-2024-10834

eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...

CVE-2024-10831

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

CVE-2024-10834

eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...

Azure Linux 3.0 Security Update: erlang (CVE-2025-26618)

The version of erlang installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-26618 advisory. - Erlang is a programming language and runtime system for building massively scalable soft real-time systems...

Azure Linux 3.0 Security Update: cert-manager / cf-cli / docker-buildx / docker-compose / kubernetes / kubevirt / moby-compose (CVE-2025-22869)

The version of cert-manager / cf-cli / docker-buildx / docker-compose / kubernetes / kubevirt / moby-compose installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22869 advisory. - SSH servers which...

CVE-2019-17659

A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image...

CVE-2025-30234

SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image a Debian 12 LX zone image from 2024-07-26...

CVE-2025-30234

SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image a Debian 12 LX zone image from 2024-07-26...

CVE-2025-30234

SmartOS (as used in Triton Data Center and related products) is affected by CVE-2025-30234 due to static host SSH keys embedded in the 60f76fd2-143f-4f57-819b-1ae32684e81b image (a Debian 12 LX zone image from 2024-07-26). The issue is tied to the presence of static host keys in the image, with C...

CVE-2025-30234

SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image a Debian 12 LX zone image from 2024-07-26...

SUSE-SU-2025:0901-1 Security update for erlang

This update for erlang fixes the following issues: - CVE-2025-26618: Fixed SSH SFTP packet size not verified properly in Erlang OTP bsc1237467...

Advisory ROSA-SA-2025-2776

Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 packageevrstring: libssh-0.9.6-14.rv3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection...

CVE-2019-17659

A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image...

CVE-2019-17659

A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image...

CVE-2025-2277

Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking...

[SECURITY] Fedora 42 Update: podman-tui-1.4.0-1.fc42

podman-tui is a terminal user interface for Podman v4 and v5. podman-tui is using podman.socket service to communicate with podman environm ent and SSH to connect to remote podman machines...

CVE-2025-2277

Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking...

CVE-2025-2277

Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking...