CVE-2026-42251

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...

CVE-2026-42251

The CVE concerns KS-SOMED where hard-coded credentials in KSPLUPDFTP.exe (up to 30.00.00.056) and ANEKSKLIENT.EXE (up to 29.00.02.026) allowed an unauthorized actor to access an FTP server hosting update packages. This could enable uploading a malicious update that might be distributed and instal...

EUVD-2026-33642

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...

CVE-2026-42251 Hard-coded credentials in KS-SOMED

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...

RLSA-2026:18160 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Buffer underflow in sshgethexa on invalid input CVE-2026-0966 libssh: Improper sanitation of paths received from SCP servers CVE-2026-0964 libssh: libssh:...

PT-2026-44906

Summary Froxlor 2.3.6 lets administrators configure system.available shells as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers do not enforce that whitelist when processing add or edit requests. As a result, an authenticated customer...

PT-2026-44907

Summary Froxlor 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorized keys under a customer-controlled home directory without verifying that the target path is not a symboli...

CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

CVE-2025-36145

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

CVE-2025-36145 Multiple Vulnerabilities in watsonx.data

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

CVE-2025-36145

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

CVE-2025-36145 Multiple Vulnerabilities in watsonx.data

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

EUVD-2025-209935

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

CVE-2025-36145

CVE-2025-36145 affects IBM watsonx.data (Lakehouse) versions 2.2–2.3.1. The issue is inadequate restriction of inbound/outbound connections, enabling an attacker to transfer or modify files without proper controls. Impact: confidentiality/integrity concerns with file operations; no exploit detail...

IBM Watsonx.data 安全漏洞

IBM Watsonx.data is an open data lake platform developed by IBM. There are security vulnerabilities in the version 2.2 to 2.3.1 of IBM Watsonx.data. These vulnerabilities stem from improper restrictions on inbound and outbound connections, allowing attackers to transfer or modify files without...

WS_FTP Server - Insecure Deserialization

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. id: CVE-2023-40044 info: name: WSFTP Server - Insecure...

Unity Linux 20.1060e / 20.1070e Security Update: spice-vdagent (UTSA-2026-016620)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016620 advisory. A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local...

[SECURITY] Fedora 43 Update: proftpd-1.3.9a-2.fc43

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

BIT-PYTHON-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...