3503 matches found

EUVD
added 2025/11/29 2:25 a.m., 6 views

EUVD-2025-199896

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances t...

CVSS 7.2 | AI score 6.5 | EPSS 0.00819
Exploits: 0 | References: 1

EUVD
added 2025/11/29 2:24 a.m., 5 views

EUVD-2025-199897

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has...

CVSS 6.8 | AI score 6.3 | EPSS 0.00172
Exploits: 0 | References: 1

OSV
added 2025/11/29 2:24 a.m., 6 views

CVE-2025-53897 Kiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerability

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has...

CVSS 6.8 | AI score 5.7 | EPSS 0.00172
Exploits: 0 | References: 3

EUVD
added 2025/11/29 2:24 a.m., 5 views

EUVD-2025-199898

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could, under certain circumstances, prevent a user's active session from properly timing out due to inactivity. This issue has been patched in version 9.1.0...

CVSS 7.1 | AI score 6.3 | EPSS 0.0017
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/29 2:24 a.m., 3 views

CVE-2025-53896 Kiteworks MFT is vulnerable to Insufficient Session Expiration

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could, under certain circumstances, prevent a user's active session from properly timing out due to inactivity. This issue has been patched in version 9.1.0...

CVSS 7.1 | AI score 6.4 | EPSS 0.0017
Exploits: 0 | References: 1

OSV
added 2025/11/29 2:24 a.m., 8 views

CVE-2025-53896 Kiteworks MFT is vulnerable to Insufficient Session Expiration

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could, under certain circumstances, prevent a user's active session from properly timing out due to inactivity. This issue has been patched in version 9.1.0...

CVSS 7.1 | AI score 5.7 | EPSS 0.0017
Exploits: 0 | References: 3

Cvelist
added 2025/11/29 2:24 a.m., 7 views

CVE-2025-53896 Kiteworks MFT is vulnerable to Insufficient Session Expiration

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could, under certain circumstances, prevent a user's active session from properly timing out due to inactivity. This issue has been patched in version 9.1.0...

CVSS 7.1 | EPSS 0.0017
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/29 12:0 a.m., 5 views

PT-2025-48357

Name of the Vulnerable Software and Affected Versions: Kiteworks MFT versions prior to 9.1.0. Description: Kiteworks MFT orchestrates end-to-end file transfer workflows. A flaw exists where a user’s active session may not properly time out due to inactivity under certain circumstances. This issue wa...

CVSS 8.1 | AI score 6.3 | EPSS 0.0017
Exploits: 0 | References: 7

Positive Technologies
added 2025/11/29 12:0 a.m., 6 views

PT-2025-48361

Name of the Vulnerable Software and Affected Versions: Kiteworks MFT versions prior to 9.1.0. Description: Kiteworks MFT orchestrates end-to-end file transfer workflows. Versions of Kiteworks MFT before 9.1.0 have an issue where an incorrectly specified destination in a communication channel could...

CVSS 7.2 | AI score 6.8 | EPSS 0.00819
Exploits: 0 | References: 6

CNNVD
added 2025/11/29 12:0 a.m., 4 views

Kiteworks Mft Security Vulnerability

Kiteworks Mft is a software for securely managing internal and external data transfers from Kiteworks USA. A security vulnerability exists in Kiteworks Mft versions prior to 9.1.0 that stems from improperly defined roles and permissions, which could lead to elevated privileges...

CVSS 8.8 | AI score 6.6 | EPSS 0.00995
Exploits: 0 | References: 2

Packet Storm
added 2025/11/27 12:0 a.m., 162 views

Monsta FTP DownloadFile Remote Code Execution

This Metasploit module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions prior to 2.11.3. The vulnerability exists in the downloadFile action which allows an attacker to connect to a malicious FTP or SFTP server and download arbitrary files to arbitrary...

CVSS 9.8 | AI score 8.1 | EPSS 0.72536
Exploits: 6

Hacker One
added 2025/11/26 8:34 a.m., 21 views

curl: Infinite loop issue in the state machine of the curl project

Summary: Vulnerability impact: When curl attempts to download files from a malicious FTP server, it triggers an infinite loop in the code execution. I discovered this issue in the FTP functionality of the curl project. As described in...

AI score 7.6
Exploits: 0

Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

Schneider Electric Modicon M340 Controller and Communication Modules Improper Input Validation (CVE-2025-6625)

CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when a specific crafted FTP command is sent to the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 8.7 | AI score 5.9 | EPSS 0.00455
Exploits: 0 | References: 5

Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 3: container-tools:rhel8 (TSSA-2025:0301)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0301 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.5 | AI score 6.9 | EPSS 0.00868
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 4: buildah (TSSA-2025:0571)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0571 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 7.5 | AI score 6.9 | EPSS 0.00868
Exploits: 0 | References: 2

AlpineLinux
added 2025/11/18 2:24 p.m., 3 views

CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

CVSS 4.3 | AI score 6.9 | EPSS 0.00283
Exploits: 0

Debian CVE
added 2025/11/18 2:24 p.m., 9 views

CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

CVSS 4.3 | AI score 5 | EPSS 0.00283
Exploits: 0

Tenable Nessus
added 2025/11/18 12:0 a.m., 4 views

Siemens SIPROTEC 4 and SIPROTEC 4 Compact Improper Check For Unusual or Exceptional Conditions (CVE-2024-52504)

Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted. This plugin only works with Tenable.ot. Please visit...

CVSS 8.7 | AI score 5.9 | EPSS 0.00412
Exploits: 0 | References: 6

CNNVD
added 2025/11/18 12:0 a.m., 4 views

SolarWinds Serv-U Path Traversal Vulnerability

SolarWinds Serv-U is an FTP File Transfer Protocol server software from SolarWinds Corporation. SolarWinds Serv-U suffers from a path traversal vulnerability that stems from a path restriction bypass, which could allow an attacker with administrator privileges to execute code in a directory...

CVSS 9.1 | AI score 7.2 | EPSS 0.00984
Exploits: 0 | References: 2

CNNVD
added 2025/11/17 12:0 a.m., 3 views

Maxum Rumpus FTP Server Input Validation Error Vulnerability

Maxum Rumpus FTP Server is an FTP server software from Maxum. An input validation error vulnerability exists in Maxum Rumpus FTP Server version 9.0.12 that stems from improper input validation...

CVSS 9.8 | AI score 6.8 | EPSS 0.0022
Exploits: 0 | References: 1