Lucene search
K

159 matches found

Snyk
Snyk
added 6 days ago4 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the ssh process. An attacker can execute arbitrary commands on the operator's workstation by injecting malicious OpenSSH options when the operator runs non-interactive SSH commands. Remediation Upgrade...

8.3CVSS7.2AI score0.00225EPSS
Exploits0References2
NVD
NVD
added 6 days ago6 views

CVE-2026-47826

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...

9.1CVSS0.00337EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42507

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...

8.8CVSS7.3AI score0.00337EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-47826 blobs.yaml Path Traversal Allows File Writes

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...

8.8CVSS0.00337EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 12:16 a.m.2 views

CVE-2026-60001

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...

6.5CVSS6.1AI score0.00265EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/07/08 12:16 a.m.6 views

CVE-2026-60001

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...

6.5CVSS5.9AI score0.00265EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/08 12:13 a.m.6 views

CVE-2026-59999

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...

7.5CVSS5.9AI score0.0014EPSS
Exploits0
EUVD
EUVD
added 2026/07/08 12:9 a.m.7 views

EUVD-2026-42139

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

4.2CVSS6AI score0.00177EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 12:9 a.m.131 views

CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

4.2CVSS0.00177EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/08 12:4 a.m.7 views

EUVD-2026-42137

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

4.2CVSS6AI score0.00241EPSS
Exploits0References3
NVD
NVD
added 2026/06/02 4:16 p.m.66 views

CVE-2026-44367

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS0.00236EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 3:30 p.m.11 views

CVE-2026-45080 Klaw: Improper Access Control Allows Disclosure of Password Hash

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...

6.9CVSS5.7AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 3:30 p.m.16 views

EUVD-2026-33962

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...

6.9CVSS5.7AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 3:29 p.m.48 views

CVE-2026-44367 Klaw: user lockout due to case sensitivity inconsistency

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS0.00236EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:29 p.m.13 views

CVE-2026-44367

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS5.7AI score0.00236EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/02 3:29 p.m.3 views

CVE-2026-44367 Klaw: user lockout due to case sensitivity inconsistency

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS5.9AI score0.00236EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/12 6:38 p.m.37 views

CVE-2026-23823 Authenticated Command Injection leads to RCE in AOS-10 CLI Command

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...

7.2CVSS0.00957EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/05 4:44 p.m.9 views

NPM: VM2 Has a WASM Sandbox Escape (Node 25 only)

NPM: VM2 Has a WASM Sandbox Escape Node 25 only vulnerability discovered by ? in WordPress Npm vm2 versions 3.10.4...

9.8CVSS6AI score0.00921EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 3:31 p.m.11 views

SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

7.5CVSS5.8AI score0.00544EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/15 10:54 a.m.5 views

CVE-2026-30778

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

5.8AI score0.00544EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder