82 matches found

EUVD
added 2025/11/07 9:30 a.m., 1 view

EUVD-2025-38240

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

AI score 6.7, EPSS 0.00033
Exploits: 1, References: 5

OSV
added 2025/11/07 8:15 a.m., 2 views

AZL-69766 CVE-2025-10966 affecting package cmake 3.21.4-21

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVSS 4.3, AI score 6.3, EPSS 0.00033
Exploits: 1, References: 1

NVD
added 2025/11/07 8:15 a.m., 2 views

CVE-2025-10966

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVSS 4.3, EPSS 0.00033
Exploits: 1, References: 5

OSV
added 2025/11/07 8:15 a.m., 2 views

ALPINE-CVE-2025-10966

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVSS 4.3, AI score 7.1, EPSS 0.00033
Exploits: 1, References: 1

OSV
added 2025/11/07 8:15 a.m., 3 views

AZL-69748 CVE-2025-10966 affecting package cmake 3.30.3-11

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVSS 4.3, AI score 6.6, EPSS 0.00033
Exploits: 1, References: 1

Snyk
added 2025/11/07 7:46 a.m., 1 view

Key Exchange without Entity Authentication

Overview: Affected versions of this package are vulnerable to Key Exchange without Entity Authentication in the SFTP implementation in the wolfSSH backend. An attacker can intercept or manipulate data in transit by performing a man-in-the-middle attack. Note: This issue affects only users that bui...

CVSS 6.3, AI score 5.7, EPSS 0.00033
Exploits: 1, References: 2

CVE
added 2025/11/07 7:26 a.m., 33 views

CVE-2025-10966

CVE-2025-10966 affects curl by a flaw in its SSH connection handling when SFTP uses the wolfSSH backend, causing missed host verification and allowing MITM-like issues. The connected Nessus advisories for EulerOS, Unity Linux, Photon OS, and related OS advisories repeatedly reference this CVE as ...

CVSS 4.3, AI score 6.7, EPSS 0.00033
Exploits: 1, References: 5, Affected Software: 1

AlpineLinux
added 2025/11/07 7:26 a.m., 4 views

CVE-2025-10966

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVSS 4.3, AI score 7.1, EPSS 0.00033
Exploits: 1, References: 5

Vulnrichment
added 2025/11/07 7:26 a.m., 1 view

CVE-2025-10966 missing SFTP host verification with wolfSSH

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

AI score 6.4, EPSS 0.00033
Exploits: 1, References: 3

Cvelist
added 2025/11/07 7:26 a.m., 16 views

CVE-2025-10966 missing SFTP host verification with wolfSSH

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

EPSS 0.00033
Exploits: 1, References: 3

CNNVD
added 2025/11/07 12:0 a.m., 1 view

curl security vulnerability

curl is a cURL open source tool for transferring data from or to a server. A security vulnerability exists in curl that stems from the lack of a host authentication mechanism when SFTP uses the wolfSSH backend, which could lead to a man-in-the-middle attack...

CVSS 4.3, AI score 5.5, EPSS 0.00033
Exploits: 1, References: 6

OSV
added 2025/11/05 8:0 a.m., 2 views

CURL-CVE-2025-10966 missing SFTP host verification with wolfSSH

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVSS 4.3, AI score 7.2, EPSS 0.00033
Exploits: 1

Positive Technologies
added 2025/11/05 12:0 a.m., 1 view

PT-2025-45413

Name of the Vulnerable Software and Affected Versions: curl (affected versions not specified). Description: The software lacks proper host verification when establishing SSH connections for SFTP operations using the wolfSSH backend. This flaw allows for man-in-the-middle (MITM) attacks to go undetected,...

CVSS 4.6, AI score 5.5, EPSS 0.00033
Exploits: 1, References: 30

RedhatCVE
added 2025/10/22 2:11 p.m., 1 view

CVE-2025-11625

Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of client credentials...

CVSS 9.8, AI score 7.1, EPSS 0.00067
Exploits: 0, References: 1

EUVD
added 2025/10/21 3:30 p.m., 3 views

EUVD-2025-35174

Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of client credentials...

CVSS 9.4, AI score 6.5, EPSS 0.00067
Exploits: 0, References: 2

NVD
added 2025/10/21 2:15 p.m., 1 view

CVE-2025-11625

Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of client credentials...

CVSS 9.8, EPSS 0.00067
Exploits: 0, References: 1

OSV
added 2025/10/21 2:15 p.m., 1 view

CVE-2025-11625

Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of client credentials...

CVSS 9.8, AI score 7
Exploits: 0, References: 1

Cvelist
added 2025/10/21 1:25 p.m., 6 views

CVE-2025-11625 Host verification bypass and credential leak

Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of client credentials...

CVSS 9.4, EPSS 0.00067
Exploits: 0, References: 1

CVE
added 2025/10/21 1:25 p.m., 5 views

CVE-2025-11625

The CVE-2025-11625 entry concerns wolfSSH (client) versions 1.4.20 and earlier with an improper host authentication flaw that can permit authentication bypass and leakage of client credentials. Multiple sources (NVD, Red Hat, EUVD, OSV, CVE list, CNVD, CIRCL, etc.) describe the issue across wolfS...

CVSS 9.8, AI score 6.7, EPSS 0.00067
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/10/21 1:25 p.m., 7 views

CVE-2025-11625 Host verification bypass and credential leak

Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of client credentials...

CVSS 9.4, AI score 6.7, EPSS 0.00067
Exploits: 0, References: 1