[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-10009":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":150,"aliases":165,"duplicate_of":9,"upstream":166,"downstream":167,"duplicates":196,"related":197,"reserved_at":9,"published_at":206,"modified_at":207,"state":208,"summary":209,"references_raw":218,"kevs":306,"epss":307,"epss_history":310,"metrics":572,"affected":586},"CVE-2016-10009","Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-426","Untrusted Search Path","The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.","weakness","Stable","Base","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-38","Leveraging/Manipulating Configuration File Search Paths",[24,110],{"id":25,"name":26,"tactics":27,"countermeasures":43},"T1574.007","Path Interception by PATH Environment Variable",[28,31,34,37,40],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",{"id":35,"name":36},"TA0030","Defense Evasion",{"id":38,"name":39},"TA0005","Stealth",{"id":41,"name":42},"TA0104","Execution",[44,49,53,57,61,66,71,76,81,86,90,94,98,102,106],{"id":45,"name":46,"tactic":47},"D3-FA","File Analysis",{"name":48},"Detect",{"id":50,"name":51,"tactic":52},"D3-FIM","File Integrity Monitoring",{"name":48},{"id":54,"name":55,"tactic":56},"D3-DA","Dynamic Analysis",{"name":48},{"id":58,"name":59,"tactic":60},"D3-EFA","Emulated File Analysis",{"name":48},{"id":62,"name":63,"tactic":64},"D3-FEV","File Eviction",{"name":65},"Evict",{"id":67,"name":68,"tactic":69},"D3-DF","Decoy File",{"name":70},"Deceive",{"id":72,"name":73,"tactic":74},"D3-FE","File Encryption",{"name":75},"Harden",{"id":77,"name":78,"tactic":79},"D3-RF","Restore File",{"name":80},"Restore",{"id":82,"name":83,"tactic":84},"D3-CF","Content Filtering",{"name":85},"Isolate",{"id":87,"name":88,"tactic":89},"D3-LFP","Local File Permissions",{"name":85},{"id":91,"name":92,"tactic":93},"D3-RFAM","Remote File Access Mediation",{"name":85},{"id":95,"name":96,"tactic":97},"D3-CQ","Content Quarantine",{"name":85},{"id":99,"name":100,"tactic":101},"D3-CM","Content Modification",{"name":85},{"id":103,"name":104,"tactic":105},"D3-EAL","Executable Allowlisting",{"name":85},{"id":107,"name":108,"tactic":109},"D3-EDL","Executable Denylisting",{"name":85},{"id":111,"name":112,"tactics":113,"countermeasures":119},"T1574.009","Path Interception by Unquoted Path",[114,115,116,117,118],{"id":29,"name":30},{"id":32,"name":33},{"id":35,"name":36},{"id":38,"name":39},{"id":41,"name":42},[120,122,124,126,128,130,132,134,136,138,140,142,144,146,148],{"id":45,"name":46,"tactic":121},{"name":48},{"id":50,"name":51,"tactic":123},{"name":48},{"id":54,"name":55,"tactic":125},{"name":48},{"id":58,"name":59,"tactic":127},{"name":48},{"id":62,"name":63,"tactic":129},{"name":65},{"id":67,"name":68,"tactic":131},{"name":70},{"id":72,"name":73,"tactic":133},{"name":75},{"id":77,"name":78,"tactic":135},{"name":80},{"id":82,"name":83,"tactic":137},{"name":85},{"id":87,"name":88,"tactic":139},{"name":85},{"id":91,"name":92,"tactic":141},{"name":85},{"id":95,"name":96,"tactic":143},{"name":85},{"id":99,"name":100,"tactic":145},{"name":85},{"id":103,"name":104,"tactic":147},{"name":85},{"id":107,"name":108,"tactic":149},{"name":85},[151],{"_key":152,"name":153,"source":154,"url":155,"maturity":156,"reliability_score":157,"verified":158,"type":159,"platforms":160,"requires_auth":9,"exploitdb":162,"metasploit":9},"40963","OpenSSH \u003C 7.4 - agent Protocol Arbitrary Library Loading","exploit-database","https://www.exploit-db.com/exploits/40963","weaponized",0.8,true,"remote",[161],"linux",{"verified":158,"type":159,"platform":161,"file":163,"codes":164},"exploits/linux/remote/40963.txt",[7],[],[],[168,170,172,174,176,178,180,182,184,186,188,190,192,194],{"_key":169},"ALPINE-CVE-2016-10009",{"_key":171},"SUSE-SU-2017:1661-1",{"_key":173},"SUSE-SU-2017:0264-1",{"_key":175},"SUSE-SU-2017:0603-1",{"_key":177},"SUSE-SU-2017:0606-1",{"_key":179},"SUSE-SU-2017:0607-1",{"_key":181},"SUSE-SU-2017:0607-2",{"_key":183},"SUSE-SU-2017:0607-3",{"_key":185},"OPENSUSE-SU-2024:11124-1",{"_key":187},"DLA-1500-1",{"_key":189},"DEBIAN-CVE-2016-10009",{"_key":191},"RHSA-2017:2029",{"_key":193},"UBUNTU-CVE-2016-10009",{"_key":195},"USN-3538-1",[],[198,199,200,201,202,203,204,205],{"_key":171},{"_key":173},{"_key":175},{"_key":177},{"_key":179},{"_key":181},{"_key":183},{"_key":185},"2017-01-05T00:00:00.000Z","2026-05-29T20:23:51.303Z","Modified",{"cisa_kev":210,"cisa_ransomware":210,"cisa_vendor":9,"epss_severity":211,"epss_score":212,"severity":213,"severity_score":214,"severity_version":215,"severity_source":216,"severity_vector":217,"severity_status":208},false,"low",0.01579,"high",7.5,"v2.0","nvd","AV:N/AC:L/Au:N/C:P/I:P/A:P",[219,225,230,234,239,245,249,253,258,262,266,270,274,278,282,286,290,294,298,302],{"url":220,"sources":221,"tags":223},"https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5",[222,216],"cve.org",[224],"Patch",{"url":226,"sources":227,"tags":228},"https://www.exploit-db.com/exploits/40963/",[222,216],[229],"Exploit",{"url":231,"sources":232,"tags":233},"https://security.netapp.com/advisory/ntap-20171130-0002/",[222,216],[],{"url":235,"sources":236,"tags":237},"http://www.securityfocus.com/bid/94968",[222,216],[238],"VDB Entry",{"url":240,"sources":241,"tags":242},"http://www.openwall.com/lists/oss-security/2016/12/19/2",[222,216],[243,244],"Mailing List","Release Notes",{"url":246,"sources":247,"tags":248},"http://www.securitytracker.com/id/1037490",[222,216],[238],{"url":250,"sources":251,"tags":252},"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us",[222,216],[],{"url":254,"sources":255,"tags":256},"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc",[222,216],[257],"Vendor Advisory",{"url":259,"sources":260,"tags":261},"https://usn.ubuntu.com/3538-1/",[222,216],[257],{"url":263,"sources":264,"tags":265},"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637",[222,216],[],{"url":267,"sources":268,"tags":269},"https://access.redhat.com/errata/RHSA-2017:2029",[222,216],[257],{"url":271,"sources":272,"tags":273},"http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html",[222,216],[],{"url":275,"sources":276,"tags":277},"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",[222,216],[243],{"url":279,"sources":280,"tags":281},"https://www.openssh.com/txt/release-7.4",[222,216],[],{"url":283,"sources":284,"tags":285},"https://bugs.chromium.org/p/project-zero/issues/detail?id=1009",[222,216],[],{"url":287,"sources":288,"tags":289},"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",[222,216],[],{"url":291,"sources":292,"tags":293},"http://www.openwall.com/lists/oss-security/2023/07/19/9",[222,216],[243],{"url":295,"sources":296,"tags":297},"http://seclists.org/fulldisclosure/2023/Jul/31",[222,216],[243],{"url":299,"sources":300,"tags":301},"http://www.openwall.com/lists/oss-security/2023/07/20/1",[222,216],[243],{"url":303,"sources":304,"tags":305},"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",[222,216],[],[],{"date":308,"score":212,"percentile":309},"2026-06-04",0.81905,[311,314,317,320,323,326,329,332,335,338,341,344,347,349,352,355,358,361,364,367,370,372,375,378,381,384,387,389,393,396,399,402,405,407,409,412,415,418,421,424,427,430,433,436,439,442,445,447,450,453,456,459,462,464,468,471,474,477,480,483,486,489,491,494,496,498,501,504,507,510,513,516,519,521,524,527,531,534,537,540,543,546,549,552,555,558,561,564,566,568],{"date":312,"score":212,"percentile":313},"2025-11-04",0.80944,{"date":315,"score":212,"percentile":316},"2025-11-05",0.80946,{"date":318,"score":212,"percentile":319},"2025-11-06",0.80947,{"date":321,"score":212,"percentile":322},"2025-11-07",0.80958,{"date":324,"score":212,"percentile":325},"2025-11-08",0.80966,{"date":327,"score":212,"percentile":328},"2025-11-09",0.80962,{"date":330,"score":212,"percentile":331},"2025-11-10",0.80957,{"date":333,"score":212,"percentile":334},"2025-11-11",0.80961,{"date":336,"score":212,"percentile":337},"2025-11-12",0.80973,{"date":339,"score":212,"percentile":340},"2025-11-13",0.80979,{"date":342,"score":212,"percentile":343},"2025-11-14",0.80984,{"date":345,"score":212,"percentile":346},"2025-11-15",0.8098,{"date":348,"score":212,"percentile":340},"2025-11-16",{"date":350,"score":212,"percentile":351},"2025-11-17",0.80976,{"date":353,"score":212,"percentile":354},"2025-11-18",0.80019,{"date":356,"score":212,"percentile":357},"2025-11-19",0.80023,{"date":359,"score":212,"percentile":360},"2025-11-20",0.8003,{"date":362,"score":212,"percentile":363},"2025-11-21",0.80994,{"date":365,"score":212,"percentile":366},"2025-11-22",0.80997,{"date":368,"score":212,"percentile":369},"2025-11-23",0.80988,{"date":371,"score":212,"percentile":369},"2025-11-24",{"date":373,"score":212,"percentile":374},"2025-11-25",0.80992,{"date":376,"score":212,"percentile":377},"2025-11-26",0.80993,{"date":379,"score":212,"percentile":380},"2025-11-27",0.80999,{"date":382,"score":212,"percentile":383},"2025-11-28",0.8099,{"date":385,"score":212,"percentile":386},"2025-11-29",0.80995,{"date":388,"score":212,"percentile":380},"2025-11-30",{"date":390,"score":391,"percentile":392},"2025-12-01",0.02274,0.84202,{"date":394,"score":391,"percentile":395},"2025-12-02",0.84203,{"date":397,"score":391,"percentile":398},"2025-12-03",0.84204,{"date":400,"score":212,"percentile":401},"2025-12-04",0.81001,{"date":403,"score":212,"percentile":404},"2025-12-05",0.8101,{"date":406,"score":212,"percentile":404},"2025-12-06",{"date":408,"score":212,"percentile":404},"2025-12-07",{"date":410,"score":212,"percentile":411},"2025-12-08",0.81011,{"date":413,"score":212,"percentile":414},"2025-12-09",0.81027,{"date":416,"score":212,"percentile":417},"2025-12-10",0.81053,{"date":419,"score":212,"percentile":420},"2025-12-11",0.81063,{"date":422,"score":212,"percentile":423},"2025-12-12",0.81077,{"date":425,"score":212,"percentile":426},"2025-12-13",0.81076,{"date":428,"score":212,"percentile":429},"2025-12-14",0.81071,{"date":431,"score":212,"percentile":432},"2025-12-15",0.81069,{"date":434,"score":212,"percentile":435},"2025-12-16",0.8108,{"date":437,"score":212,"percentile":438},"2025-12-17",0.81089,{"date":440,"score":212,"percentile":441},"2025-12-18",0.81108,{"date":443,"score":212,"percentile":444},"2025-12-19",0.81115,{"date":446,"score":212,"percentile":441},"2025-12-20",{"date":448,"score":212,"percentile":449},"2025-12-21",0.81104,{"date":451,"score":212,"percentile":452},"2025-12-22",0.81102,{"date":454,"score":212,"percentile":455},"2025-12-23",0.81105,{"date":457,"score":212,"percentile":458},"2025-12-24",0.81117,{"date":460,"score":212,"percentile":461},"2025-12-25",0.81134,{"date":463,"score":212,"percentile":461},"2025-12-26",{"date":465,"score":466,"percentile":467},"2025-12-27",0.03254,0.86792,{"date":469,"score":212,"percentile":470},"2025-12-28",0.81121,{"date":472,"score":212,"percentile":473},"2025-12-29",0.81118,{"date":475,"score":212,"percentile":476},"2025-12-30",0.81125,{"date":478,"score":212,"percentile":479},"2025-12-31",0.81139,{"date":481,"score":391,"percentile":482},"2026-01-01",0.84296,{"date":484,"score":391,"percentile":485},"2026-01-02",0.84295,{"date":487,"score":391,"percentile":488},"2026-01-03",0.84289,{"date":490,"score":212,"percentile":458},"2026-01-04",{"date":492,"score":212,"percentile":493},"2026-01-05",0.81112,{"date":495,"score":212,"percentile":444},"2026-01-06",{"date":497,"score":212,"percentile":473},"2026-01-07",{"date":499,"score":212,"percentile":500},"2026-01-08",0.81127,{"date":502,"score":212,"percentile":503},"2026-01-09",0.81128,{"date":505,"score":212,"percentile":506},"2026-01-10",0.81129,{"date":508,"score":212,"percentile":509},"2026-01-11",0.81122,{"date":511,"score":212,"percentile":512},"2026-01-12",0.81114,{"date":514,"score":212,"percentile":515},"2026-01-13",0.81111,{"date":517,"score":212,"percentile":518},"2026-01-14",0.81132,{"date":520,"score":212,"percentile":461},"2026-01-15",{"date":522,"score":212,"percentile":523},"2026-01-16",0.81144,{"date":525,"score":212,"percentile":526},"2026-01-17",0.8115,{"date":528,"score":529,"percentile":530},"2026-01-18",0.01622,0.81413,{"date":532,"score":529,"percentile":533},"2026-01-19",0.81406,{"date":535,"score":529,"percentile":536},"2026-01-20",0.81409,{"date":538,"score":529,"percentile":539},"2026-01-21",0.81415,{"date":541,"score":529,"percentile":542},"2026-01-22",0.81424,{"date":544,"score":529,"percentile":545},"2026-01-23",0.81448,{"date":547,"score":529,"percentile":548},"2026-01-24",0.81455,{"date":550,"score":529,"percentile":551},"2026-01-25",0.81452,{"date":553,"score":529,"percentile":554},"2026-01-26",0.81451,{"date":556,"score":529,"percentile":557},"2026-01-27",0.8145,{"date":559,"score":529,"percentile":560},"2026-01-28",0.81449,{"date":562,"score":529,"percentile":563},"2026-01-29",0.81446,{"date":565,"score":529,"percentile":563},"2026-01-30",{"date":567,"score":529,"percentile":554},"2026-01-31",{"date":569,"score":570,"percentile":571},"2026-02-01",0.02335,0.84546,[573,584],{"source":216,"cvss_v2_0":574,"cvss_v3_0":577,"cvss_v3_1":582,"cvss_v4_0":9},{"baseScore":214,"baseSeverity":9,"vectorString":217,"impactScore":575,"exploitabilityScore":576},6.4,10,{"baseScore":578,"baseSeverity":579,"vectorString":580,"impactScore":581,"exploitabilityScore":576},7.3,"HIGH","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",5.7,{"baseScore":578,"baseSeverity":579,"vectorString":583,"impactScore":581,"exploitabilityScore":576},"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",{"source":222,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":585,"cvss_v4_0":9},{"baseScore":578,"baseSeverity":579,"vectorString":583,"impactScore":581,"exploitabilityScore":576},[587],{"ecosystem":9,"name":588,"vendor":589,"product":588,"cpe_part":590,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":591},"openssh","openbsd","a",[592],{"version":593,"is_range":158,"range_type":594,"version_start":9,"version_start_type":9,"version_end":595,"version_end_type":596,"fixed_in":9},"lte7.3","cpe","7.3","including"]