RHEL 10 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RHSA-2026:7383)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7383 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...
Photon OS 4.0: Openssh PHSA-2026-4.0-0985
An update of the openssh package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0985. The text itself is copyright (C) VMware, Inc. ...
Oracle Linux 9 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (CRITICAL) (ELSA-2026-7384)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7384 advisory. 344-2.0.1 - Storage: Enable btrfs support Orabug: 37464632 - Replaced upstream urls in documentation with oracle links Orabug: 36528753 - Drop...
[SECURITY] Fedora 44 Update: ksshaskpass-6.6.4-1.fc44
A ssh-add helper that uses kwallet and kpassworddialog...
MGASA-2026-0099 Updated cockpit-338 packages fix security vulnerability
Unauthenticated remote code execution due to ssh command-line argument injection. CVE-2026-4631...
CLSA-2026-1776262694 Fix CVE(s): CVE-2026-0968
SECURITY UPDATE: null pointer dereference and out-of-bounds read in sftp_parse_longname when processing malformed SSH_FXP_NAME messages - debian/patches/CVE-2026-0968.patch: add null check, input validation, and end-of-string guards in sftp_parse_longname - CVE-2026-0968...
[SECURITY] Fedora 43 Update: NetworkManager-ssh-1.4.4-1.fc43
This package contains software for integrating VPN capabilities with the OpenSSH server with NetworkManager...
Malicious code in terminal-formatter (npm)
terminal-formatter is a malicious npm package that, when installed (postinstall hook) or imported, sends local env variables, files and bash history to https://ghostraper.top and registers a new SSH key in .ssh/authorized_keys. Source:...
MAL-2026-2911 Malicious code in terminal-formatter (npm)
terminal-formatter is a malicious npm package that, when installed (postinstall hook) or imported, sends local env variables, files and bash history to https://ghostraper.top and registers a new SSH key in .ssh/authorized_keys. Source:...
Fedora: Security Advisory (FEDORA-2026-3aebe19127)
The remote host is missing an update for the...
Fedora 43 : NetworkManager-ssh (2026-3aebe19127)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3aebe19127 advisory. Add sshpass -P prompt ---- Fix CVE-2025-9615 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
Exploit for CVE-2024-12029
Alternative-Approach-Reverse-Shell-Callback-Test-InvokeAI-RCE...
MAL-2026-2827 Malicious code in js-logger-pack (npm)
js-logger-pack is a fake npm logger that the attacker developed openly on the registry over 23 versions across two weeks (2026-04-01 to 2026-04-15). Version 1.1.20, published hours after initial detection, is a re-obfuscation of the same payload with a new hash — same C2, same capabilities. Early...
AlmaLinux 10 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (ALSA-2026:7383)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:7383 advisory. cockpit: ws: be more explicit when handling hostnames on cli CVE-2026-4631 Tenable has extracted the preceding description block directly from the AlmaLinux...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go (CVE-2025-47914)
Summary IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go, due to an issue with SSH Agent servers that do not validate the size of messages when processing new identity requests (CVE-2025-47914). Golang Go is used in our speech-utilities. This vulnerability h...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 8.0.9 Vulnerability Details CVEID:CVE-2017-9096 DESCRIPTION: The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an early termination condition in golang.org/x/crypto [CVE-2025-47913]
Summary IBM Watson Speech Services Cartridge is vulnerable to an early termination condition in golang.org/x/crypto, due to an issue with SSH clients (CVE-2025-47913). golang.org/x/crypto is used in our Speech Operators. This vulnerability has been addressed. Please read the details for remediatio...
Malicious code in ts-lint-builds (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft. Source: amazon-inspector 1b5b6d9da5acae076b81860b7c119f9b61dd48b9b5360e56b582fdae563f96d8 The package ts-lint-builds was found to contain malicious...
Malicious code in bjs-lint-builder (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft. Source: amazon-inspector de4578f36842f930e2a5e6a4129c10eb87bf1005fe8cbdf05ffb9fdc2fe43ad8 The package bjs-lint-builder was found to contain malicious...
Malicious code in centralogger (npm)
dom-utils-lite and centralogger, with identical payloads. On npm install, a postinstall hook fetches the attacker’s SSH public key from a Supabase storage bucket, appends it to ~/.ssh/authorized_keys, harvests the victim’s IP, username, and hostname, then uploads that metadata to the same Supabase...