
14794 matches found

GitHub Security Blog
added 2026/05/07 4:48 p.m. | 15 views

Compromised tag of intercom-php published via GitHub

Impact: On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...

5.8 AI score
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2026/05/07 2:16 p.m. | 9 views

CVE-2026-41589

Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...

9.6 CVSS | 0.00065 EPSS
Exploits: 1 | References: 2
ATTACKERKB
added 2026/05/07 1:17 p.m. | 4 views

CVE-2026-41589

Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...

9.6 CVSS | 5.8 AI score | 0.00065 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Tenable Nessus
added 2026/05/07 12:00 a.m. | 3 views

Cisco Unified Communications Manager IM & Presence Service Remote Code Execution Vulnerability (regreSSHion) (cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Unified Communications Manager IM & Presence Service is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Unified Communications Manager IM & Presence Service due to a signal handler race condition found in sshd,...

8.1 CVSS | 7.6 AI score | 0.65792 EPSS
Exploits: 68 | References: 3
Tenable Nessus
added 2026/05/07 12:00 a.m. | 3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016493)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016493 advisory. OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority tha...

8.1 CVSS | 5.6 AI score | 0.00036 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2026/05/07 12:00 a.m. | 5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016492 advisory. OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted ...

6.5 CVSS | 5.8 AI score | 0.00061 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2026/05/07 12:00 a.m. | 7 views

RHEL 10 : buildah (RHSA-2026:14868)

The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14868 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

10 CVSS | 7 AI score | 0.00045 EPSS
Exploits: 4 | References: 12
Snyk
added 2026/05/06 11:22 p.m. | 6 views

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetSession function. An attacker can access sensitive SSH session data belonging to other tenants by providing a valid session UID and authenticating with any user account...

7.1 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits: 1 | References: 2
OSV
added 2026/05/06 3:54 p.m. | 6 views

CLSA-2026-1778082886 libssh: Fix of CVE-2026-0966

CVE-2026-0966: avoid 1-byte heap buffer underflow in ssh_get_hexa on NULL/zero-length input...

8.2 CVSS | 6.7 AI score | 0.00064 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/06 5:53 a.m. | 6 views

CVE-2026-44405

A flaw was found in Paramiko, a Python implementation of the SSHv2 protocol. The rsakey.py module allows the use of the SHA-1 cryptographic hash algorithm, which is known to have security weaknesses. An attacker on the same local network, with significant effort, could potentially exploit this to...

3.4 CVSS | 5.8 AI score | 0.00005 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2026/05/06 12:00 a.m. | 6 views

Unity Linux 20.1060e / 20.1070e Security Update: openssh (UTSA-2026-016487)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016487 advisory. OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority tha...

8.1 CVSS | 5.6 AI score | 0.00036 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2026/05/06 12:00 a.m. | 4 views

RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift kube-apiserver (RHSA-2019:2989)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2989 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 - containers/image: not...

6.4 CVSS | 5.8 AI score | 0.0041 EPSS
Exploits: 0 | References: 7
Tenable Nessus
added 2026/05/06 12:00 a.m. | 3 views

RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3143)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3143 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 Note that Nessus has not tested for thi...

5.9 CVSS | 5.8 AI score | 0.00286 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2026/05/06 12:00 a.m. | 3 views

RHCOS 3 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:3811)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3811 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 - kubernetes: Incomplete fixes...

7.5 CVSS | 6 AI score | 0.82787 EPSS
Exploits: 4 | References: 10
OSSF Malicious Packages
added 2026/05/05 6:30 p.m. | 6 views

Malicious code in gemini-analyzer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1c8996b17229185440fe7523f20f72ea848f3a001baa8946ca80fa6b5d3221ad The package is a RAT performing full exfiltration and executing remote commands through a custom RPC protocol over WebSockets, and eventually establishing a...

6 AI score
Exploits: 0 | References: 1
OSV
added 2026/05/05 5:49 p.m. | 2 views

CLSA-2026-1778003336 Fix CVE(s): CVE-2026-0966

SECURITY UPDATE: heap buffer underflow in ssh_get_hexa when called with a NULL pointer or zero-length input - debian/patches/CVE-2026-0966.patch: add NULL/zero-length input validation in ssh_get_hexa; add unit-test coverage - CVE-2026-0966...

8.2 CVSS | 6.5 AI score | 0.00064 EPSS
Exploits: 0 | References: 1
OSV
added 2026/05/05 5:46 p.m. | 6 views

CLSA-2026-1778003186 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in ssh_get_hexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

8.2 CVSS | 6.7 AI score | 0.00064 EPSS
Exploits: 0 | References: 1
GithubExploit
added 2026/05/05 3:06 p.m. | 62 views

Exploit for CVE-2026-29000

HackTheBox — Principal Difficulty: Medium OS: Linux...

9.3 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits: 17
OSV
added 2026/05/05 10:28 a.m. | 6 views

CLSA-2026-1777976917 openssh: Fix of CVE-2026-35385

CVE-2026-35385: when downloading files as root in legacy -O mode and without the -p preserve modes flag, scp1 did not clear setuid/setgid bits from downloaded files. Backport upstream commit 487e8ac1 to mask out the setuid/setgid bits in this case...

8.1 CVSS | 5.8 AI score | 0.00067 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2026/05/05 12:00 a.m. | 2 views

Cisco UCS Director Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco UCS Director is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco UCS Director due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime seconds, after which th...

8.1 CVSS | 7.6 AI score | 0.65792 EPSS
Exploits: 68 | References: 3