SUSE CVE-2025-14821

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

344-3.0.1 - Storage: Enable btrfs support Orabug: 37464632 - Replaced upstream urls in documentation with oracle links Orabug: 36528753 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference to server in cockpit Orabug: 34030494 - Update documentation...

Oracle Linux 10 : cockpit: / Unauthenticated / remote / code / execution / due / to / SSH / command-line / argument / injection / (CRITICAL) (ELSA-2026-7383)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7383 advisory. - correctly apply CVE patches CVE-2026-4631 Wed Mar 25 2026 Jelle van der Waa [email protected] - 344-3 Tenable has extracted the preceding description block...

CVE-2026-22564

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation:...

CVE-2026-22564

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation:...

Exploit for Path Traversal in Gogs

GOGS RCE cve-2025-8110 Gogs is a lightweight and self-hosted...

Linux Distros Unpatched Vulnerability : CVE-2026-40194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's !=...

UBUNTU-CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

GHSA-R854-JRXH-36QX phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...

Critical: Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

An update for cockpit is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

EUVD-2026-21120

OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to arbitrary files,...

EUVD-2025-209397

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

RHEL 9 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RHSA-2026:7384)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7384 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELin...

RHEL 9 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RHSA-2026:7382)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7382 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELin...

JLSEC-2026-78

OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters...

JLSEC-2026-68

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

JLSEC-2026-64

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

JLSEC-2026-69

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS11-hosted private keys, these constraints are only applied to the first key, even if a PKCS11 token returns multiple keys...

JLSEC-2026-71

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

CVE-2025-13914

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...