CVE-2026-59999 In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.
CVE-2026-60000 sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.
CVE-2026-60001 sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
CVE-2026-59995 sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when “sftp server:/path .” is used with an attacker-controlled server.
CVE-2026-59996 scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.
CVE-2026-59997 internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.
CVE-2026-58525 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. Continue reading CVE-2026-58525 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
