CVE-2025-40830

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

CVE-2025-40830

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

CVE-2025-40830

CVE-2025-40830 affects Siemens SINEC Security Monitor before version 4.10.0. The issue is missing authorization checks for the file_transfer feature in ssmctl-client, enabling an authenticated, low-priv local attacker to read or write arbitrary files on the server or sensor. Mitigation: upgrade t...

CVE-2025-40830

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

CVE-2025-40830

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

PT-2025-49839

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the file transfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

CVE-2025-8148

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key...

CVE-2025-8148

CVE-2025-8148 concerns Fortra’s GoAnywhere MFT; all connected sources describe an improper access control in the SFTP service for versions prior to 7.9.0. Web users who have an Authentication Alias and a valid SSH key but are restricted to password authentication can still log in using their SSH ...

CVE-2025-8148 CVE-2025-8148 Improper Access Control in SFTP service of GoAnywhere MFT

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key...

EUVD-2025-201495

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key...

CVE-2025-11759

CVE-2025-11759 affects the WordPress plugin “Backup, Restore and Migrate your sites with XCloner” (versions up to and including 4.8.2). The issue is a Cross-Site Request Forgery (CSRF) due to missing/incorrect nonce validation in the Xcloner_Remote_Storage:save() function, enabling unauthenticate...

EUVD-2025-201322

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the XclonerRemoteStorage:save function. This makes it possible for...

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software from Fortra, Inc. A security vulnerability exists in Fortra GoAnywhere MFT versions prior to 7.9.0, which stems from improper access control of the SFTP service, and could result in a Web user logging in with an SSH key...

[SECURITY] Fedora 43 Update: restic-0.18.1-1.fc43

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

CVE-2025-53897

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has...

CVE-2025-53899

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances t...

CVE-2025-53900

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0...

CVE-2025-53896

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0...

EUVD-2025-199895

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0...

CVE-2025-53900

Kiteworks MFT is affected by CVE-2025-53900 due to an improper definition of roles and permissions when managing Connections. Prior to version 9.1.0, this could allow an authorized user to escalate privileges within end-to-end file transfer workflows. The issue has been fixed in version 9.1.0. Af...