Lucene search
K

3504 matches found

Snyk
Snyk
added 2026/04/22 5:6 p.m.7 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the SFTP authentication process when the server is configured with an empty username and a password using the -b ':pass' flag together with -sftp. An attacker can gain unauthorized access...

9.8CVSS5.8AI score0.00478EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/22 5:6 p.m.5 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the SFTP authentication process when the server is configured with an empty username and a password using the -b ':pass' flag together with -sftp. An attacker can gain unauthorized access...

9.8CVSS5.6AI score0.00478EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user t...

5.3CVSS5.8AI score0.00354EPSS
Exploits0References3
NVD
NVD
added 2026/04/21 8:17 p.m.5 views

CVE-2026-40884

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP...

9.8CVSS0.00478EPSS
Exploits1References1
NVD
NVD
added 2026/04/21 8:17 p.m.5 views

CVE-2026-40876

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can...

8.8CVSS0.00439EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/21 3:32 p.m.5 views

EUVD-2026-24129

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

7.3CVSS5.7AI score0.00155EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/21 3:32 p.m.3 views

EUVD-2025-209540

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

7.3CVSS5.7AI score0.00194EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 3:32 p.m.6 views

EUVD-2025-209539

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 3:32 p.m.17 views

EUVD-2026-24128

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 3:16 p.m.8 views

CVE-2026-0972

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

5.4CVSS0.00155EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/21 2:14 p.m.3 views

CVE-2026-0972 HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

5.4CVSS5.7AI score0.00155EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/21 2:14 p.m.29 views

CVE-2025-14362 GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

7.3CVSS0.00194EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 2:10 p.m.4 views

CVE-2025-1241

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References2
CVE
CVE
added 2026/04/21 2:10 p.m.16 views

CVE-2025-1241

CVE-2025-1241 affects Fortra GoAnywhere MFT (prior to 7.10.0) and GoAnywhere Agents (prior to 2.2.0) where a static IV enables brute-force decryption of encrypted values. Impact is confidentiality (high), with network access required and admin privileges needed. Remediation: upgrade to GoAnywhere...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2026/04/21 12:1 p.m.43 views

CVE-2026-32147

Technical details about affected products/versions and remediation are not provided in the supplied documents; monitor for updates.

5.3CVSS5.8AI score0.00354EPSS
Exploits0References5Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/21 12:1 p.m.4 views

CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...

5.3CVSS5.8AI score0.00354EPSS
Exploits0References5
OSV
OSV
added 2026/04/21 12:1 p.m.8 views

EEF-CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

Summary Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh ssh\sftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon ssh\sftpd stores the raw, user-supplied path i...

5.3CVSS5.5AI score0.00354EPSS
Exploits0References4
OSV
OSV
added 2026/04/21 9:5 a.m.4 views

SUSE-SU-2026:21250-1 Security update for openvswitch

This update for openvswitch fixes the following issue: - CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273...

5.9CVSS5.3AI score0.00405EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

goshs 访问控制错误漏洞

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained an access control vulnerability. This vulnerability occurred when using the basic authentication syntax with an empty username recorded in the documentation, without...

9.8CVSS5.8AI score0.00478EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.7 views

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...

7.3CVSS5.8AI score0.00194EPSS
Exploits0References1
Rows per page
Query Builder