Lucene search
+L

278 matches found

Nuclei
Nuclei
added 3 days ago228 views

CrushFTP < 10.5.1 - Unauthenticated Remote Code Execution

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. id: CVE-2023-43177 info: name: CrushFTP 10.5.1 - Unauthenticated Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: critical description: | CrushFTP prior...

9.8CVSS7.1AI score0.81801EPSS
Exploits7References5
Nuclei
Nuclei
added 2026/07/07 4:50 p.m.81 views

CrushFTP - Authentication Bypass

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. id: CVE-2025-31161 info: name: CrushFTP - Authenticati...

9.8CVSS7.4AI score0.99947EPSS
Exploits18References4
Nuclei
Nuclei
added 2026/07/03 1:39 p.m.129 views

CrushFTP VFS - Sandbox Escape LFR

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. id: CVE-2024-4040 info: name: CrushFTP VFS - Sandbox Escape LFR author: DhiyaneshDK,pussycat0x severity:...

10CVSS7.2AI score0.99539EPSS
Exploits22References4
GithubExploit
GithubExploit
added 2026/05/08 8:36 a.m.139 views

Exploit for Code Injection in Crushftp

CVE-2024-4040 — CrushFTP SSTI / LFI Proof of Concept For...

10CVSS6.2AI score0.99539EPSS
Exploits22
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.14 views

PT-2026-36613

Name of the Vulnerable Software and Affected Versions CrushFTP Enterprise Managed File Transfer versions prior to 11.1.0 Description An unauthenticated remote code execution flaw exists due to a Server-Side Template Injection SSTI—a vulnerability where a server improperly processes user-supplied...

8CVSS6.7AI score0.00588EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/02/23 12:42 a.m.153 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-3116...

9.8CVSS8.6AI score0.99947EPSS
Exploits18
GithubExploit
GithubExploit
added 2026/02/20 1:40 p.m.149 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

No d...

9.8CVSS5.4AI score0.99947EPSS
Exploits18
GithubExploit
GithubExploit
added 2026/01/27 12:10 p.m.176 views

Exploit for Unprotected Alternate Channel in Crushftp

C...

9.8CVSS7.3AI score0.92034EPSS
Exploits7
GithubExploit
GithubExploit
added 2026/01/11 12:59 p.m.179 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-31161 is a critical severity vulnerability allowing att...

9.8CVSS9.7AI score0.99947EPSS
Exploits18
RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.11 views

CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

9.8CVSS6.8AI score0.81801EPSS
Exploits7References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:9 p.m.6 views

CVE-2018-18288

CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection...

6.1CVSS6.9AI score0.00642EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/12/06 10:12 a.m.189 views

Exploit for Unprotected Alternate Channel in Crushftp

CrushFTP AS2 Authentication Bypass Research !CVSS Scoreht...

9.8CVSS7.4AI score0.92034EPSS
Exploits7
GithubExploit
GithubExploit
added 2025/11/27 7:10 a.m.202 views

Exploit for CVE-2025-63420

CVE-2025-63420 CrushFTP11 before 11.3.757 is vulnerable to s...

4.1CVSS6.7AI score0.00264EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/11/13 7:11 a.m.5 views

CVE-2025-63419

Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...

6.1CVSS5.9AI score0.00229EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/12 6:31 p.m.5 views

EUVD-2025-131917

Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...

6.1CVSS5.4AI score0.00229EPSS
Exploits1References3
NVD
NVD
added 2025/11/12 5:15 p.m.5 views

CVE-2025-63419

Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...

6.1CVSS0.00229EPSS
Exploits1References2
OSV
OSV
added 2025/11/12 5:15 p.m.5 views

CVE-2025-63419

Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...

6.1CVSS5.8AI score0.00229EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/12 12:0 a.m.2 views

CVE-2025-63419

Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...

5.5AI score0.00229EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/12 12:0 a.m.9 views

CVE-2025-63419

Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...

0.00229EPSS
Exploits1References2
CVE
CVE
added 2025/11/12 12:0 a.m.12 views

CVE-2025-63419

Summary: CVE-2025-63419 affects CrushFTP 11.3.6_48. The web-based server’s file sharing feature reflects the filename into an emailBody field without sanitization, enabling HTML injection through an XSS vulnerability. Affected: CrushFTP Web-Based Server (CrushFTP 11.3.6_48). Impact/Notes: XSS via...

6.1CVSS5.5AI score0.00229EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder