
14823 matches found

Vulnrichment
added 2025/01/16 12:0 a.m. · 3 views

CVE-2024-48460

An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails...

AI score 4.6 · EPSS 0.00346
Exploits 0 · References 1

Cvelist
added 2025/01/16 12:0 a.m. · 16 views

CVE-2024-48460

An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails...

EPSS 0.00346
Exploits 0 · References 1

OSV
added 2025/01/15 4:15 p.m. · 2 views

CVE-2025-22968

An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions...

CVSS 9.8 · AI score 6.2 · EPSS 0.02454
Exploits 1 · References 3

NVD
added 2025/01/15 4:15 p.m. · 17 views

CVE-2025-22968

An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions...

CVSS 9.8 · EPSS 0.02454
Exploits 1 · References 3

Cvelist
added 2025/01/15 12:0 a.m. · 13 views

CVE-2025-22968

An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions...

EPSS 0.02454
Exploits 1 · References 3

CVE
added 2025/01/15 12:0 a.m. · 594 views

CVE-2025-22968

Affected product: D-Link DWR-M972V (firmware 1.05SSG). Vulnerability enables a remote attacker to execute arbitrary code via SSH as root without restrictions. Root-privileged code execution stems from the SSH implementation/firmware logic as described in multiple sources. No exploitation details ...

CVSS 9.8 · AI score 7.9 · EPSS 0.02454
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2025/01/15 12:0 a.m. · 11 views

CVE-2025-22968

An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions...

AI score 7.9 · EPSS 0.02454
Exploits 1 · References 3

Positive Technologies
added 2025/01/14 12:0 a.m. · 4 views

PT-2025-4753 · D Link · D-Link Dwr-M972V

Name of the Vulnerable Software and Affected Versions: D-Link DWR-M972V version 1.05SSG. Description: The issue is related to the implementation of the SSH protocol in the D-Link DWR-M972V router's firmware, which allows a remote attacker to execute arbitrary code via SSH using a root account...

CVSS 9.8 · AI score 7.3 · EPSS 0.02454
Exploits 1 · References 8

Tenable Nessus
added 2025/01/14 12:0 a.m. · 10 views

F5 Networks BIG-IP : libssh vulnerabilities (K000149288)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the K000149288 advisory. CVE-2019-3859: An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require...

CVSS 9.1 · AI score 7 · EPSS 0.06275
Exploits 0 · References 3

NVD
added 2025/01/13 10:15 p.m. · 5 views

CVE-2024-57811

In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton...

CVSS 9.1 · EPSS 0.00417
Exploits 0 · References 1

Vulnrichment
added 2025/01/13 12:0 a.m. · 5 views

CVE-2024-57811

In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton...

AI score 7.2 · EPSS 0.00417
Exploits 0 · References 1

SUSE CVE
added 2025/01/10 12:23 a.m. · 4 views

SUSE CVE-2024-54148

Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

CVSS 9.8 · AI score 6.9 · EPSS 0.00823
Exploits 1 · References 4

SUSE CVE
added 2025/01/10 12:23 a.m. · 2 views

SUSE CVE-2024-55947

Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

CVSS 8.8 · AI score 7.2 · EPSS 0.75197
Exploits 3 · References 4

CVE
added 2025/01/09 6:58 a.m. · 58 views

CVE-2024-53705

SonicWall SonicOS SSRF (CVE-2024-53705) affects the SonicOS SSH management interface. The connected guidance confirms a Server-Side Request Forgery in the SSH management server that allows a logged-in remote attacker to establish a TCP connection to an arbitrary IP address on any port. Practical ...

CVSS 7.5 · AI score 7 · EPSS 0.00705
Exploits 0 · References 1

Zero Day Initiative
added 2025/01/09 12:0 a.m. · 10 views

SonicWALL NSv SSH Management Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of SonicWALL NSv. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SSH...

CVSS 8.1 · AI score 7.2 · EPSS 0.00705
Exploits 0 · References 1

Positive Technologies
added 2025/01/07 12:0 a.m. · 2 views

PT-2025-1016 · Sonicwall · Sonicos

Name of the Vulnerable Software and Affected Versions: SonicOS, affected versions not specified. Description: A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logg...

CVSS 7.8 · AI score 7 · EPSS 0.00705
Exploits 0 · References 18

OSV
added 2025/01/06 1:9 p.m. · 7 views

USN-7181-1 salt vulnerability

It was discovered that Salt incorrectly handled web requests when the SSH client was enabled. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information...

CVSS 9.8 · AI score 7.7 · EPSS 0.99585
Exploits 5 · References 2

Ubuntu
added 2025/01/06 1:9 p.m. · 9 views

USN-7181-1: Salt vulnerability

It was discovered that Salt incorrectly handled web requests when the SSH client was enabled. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information...

CVSS 9.8 · AI score 8.8 · EPSS 0.99585
Exploits 5

Positive Technologies
added 2025/01/03 12:0 a.m. · 4 views

PT-2025-4405

Name of the Vulnerable Software and Affected Versions: iTerm2 versions 3.5.6 through 3.5.10. Description: The issue sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration...

CVSS 9.3 · AI score 5.9 · EPSS 0.00491
Exploits 0 · References 18

Veracode
added 2025/01/02 6:51 a.m. · 13 views

Remote Command Execution

Gogs is vulnerable to Remote Command Execution. The vulnerability is due to improper validation of symlink files, allowing a malicious user to commit and edit crafted symlink files in a repository to gain SSH access to the server...

CVSS 9.8 · AI score 7.1 · EPSS 0.00823
Exploits 1 · References 5 · Affected Software 1