CVE-2026-9185

CVE-2026-9185 affects the WordPress plugin 6Storage Rentals (versions

GHSA-G794-3FMP-753H AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username

Summary AsyncSSH 2.22.0 expands the OpenSSH-compatible AuthorizedKeysFile %u token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as AuthorizedKeysFile authorizedkeys/%u can be made to read an authorized-ke...

PT-2024-17837

Name of the Vulnerable Software and Affected Versions Loomio version 2.22.0 Description The issue allows executing arbitrary commands on the server due to the application being vulnerable to OS Command Injection. Recommendations For Loomio version 2.22.0, update to a version that fixes the OS...

CVE-2021-37441

NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring...

eQ-3 AG HomeMatic CCU2 Open XML-RPC Port Vulnerability

The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A security vulnerability exists in the eQ-3 AG HomeMatic CCU2 version 2.29.22. An attacker can exploit the vulnerability by sending arbitrary XML-RPC requests to control attached BidCos...