CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 6 days ago•1 views

GHSA-HPV4-5H6F-WQR3 russh server userauth state is not reset when authentication principal changes

Summary The russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not that...

5.3CVSS5.8AI score

Exploits0References2

Github Security Blog•added 6 days ago•7 views

russh server userauth state is not reset when authentication principal changes

5.8AI score

Exploits0References2Affected Software1

Positive Technologies•added 6 days ago•4 views

PT-2026-45018

Summary The russh server authentication path keeps internal userauth state across SSH MSG USERAUTH REQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not...

5.3CVSS5.8AI score

Exploits0References3

Packet Storm News•added 2026/05/28 12:0 a.m.•4 views

Persona Attack: Incremental Memory Injection Jailbreak Attack against Large Language Models

As Large Language Models evolve for user convenience, vulnerability to jailbreak attacks continues to be reported despite ongoing efforts in safety training. Traditional jailbreak techniques typically focus on a single prompt injection, neglecting the models' ability to remember the flow of...

5.8AI score

OSV•added 2026/05/27 2:17 p.m.•1 views

UBUNTU-CVE-2026-46038

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Free the node during ctrlcmdbye A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the node to all remote and local observers and free the node finally. But...

5.8AI score0.00024EPSS

Exploits0References3

NVD•added 2026/05/26 10:16 p.m.•6 views

CVE-2026-45298

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy the documented quickstart, no DOZZLEAUTHPROVIDER set, POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...

8.6CVSS0.00026EPSS

Exploits1References2

Packet Storm News•added 2026/05/26 12:0 a.m.•7 views

BAIT: Boundary-Guided Disclosure Escalation Via Self-Conditioned Reasoning

In this work, we propose BAIT Boundary-Aware Iterative Trap, a three-step jailbreak framework that approaches malicious goals through internal disclosure. BAIT first asks the model to identify the protection boundary, then requires it to refine that boundary, and finally requests a detailed...

5.8AI score

EUVD•added 2026/05/25 3:15 p.m.•5 views

EUVD-2026-31701

A weakness has been identified in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. The impacted element is an unknown function of the file /success.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. T...

7.5CVSS6.9AI score0.00039EPSS

Exploits0References5

CNNVD•added 2026/05/25 12:0 a.m.•5 views

SB Admin SQL注入漏洞

SB Admin is a Bootstrap based open source admin backend template by Yash Pokharna individual developer. SB Admin suffers from a SQL injection vulnerability that stems from the operation of the parameter User in the file /success.php, which could lead to SQL injection...

7.5CVSS7.2AI score0.00039EPSS

Exploits0References5

Snyk•added 2026/05/22 5:32 a.m.•5 views

Incorrect Authorization

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization. When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially...

NVD•added 2026/05/22 4:16 a.m.•4 views

Exploits0References2

CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

6.3CVSS0.00034EPSS

OSV•added 2026/05/22 4:16 a.m.•2 views

UBUNTU-CVE-2026-39828

CVE•added 2026/05/22 2:31 a.m.•10 views

Exploits0References6

CVE-2026-39828

CVE-2026-39828 affects the SSH handling in golang.org/x/crypto/ssh. When an SSH server authentication callback returns PartialSuccessError with non-nil Permissions, the permissions are discarded, potentially bypassing certificate restrictions (e.g., force-command) after 2FA. Returning non-nil Per...

Exploits0References4Affected Software1

Cvelist•added 2026/05/22 2:31 a.m.•28 views

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

0.00034EPSS

Debian CVE•added 2026/05/22 2:31 a.m.•2 views

CVE-2026-39828

EUVD•added 2026/05/22 2:31 a.m.•3 views

EUVD-2026-31394

Vulnrichment•added 2026/05/22 2:31 a.m.•2 views

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

5.8AI score0.00034EPSS

OSV•added 2026/05/22 2:8 a.m.•1 views

GO-2026-5014 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

Positive Technologies•added 2026/05/22 12:0 a.m.•4 views

Exploits0References3

PT-2026-42707

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where an SSH server authentication callback returning PartialSuccessError with non-nil Permissions caused those permissions to be silently...