Lucene search
K

898 matches found

RedhatCVE
RedhatCVE
added 2025/11/08 1:57 p.m.6 views

CVE-2025-34299

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

9.8CVSS7.9AI score0.72536EPSS
Exploits6References1
OSV
OSV
added 2025/11/07 2:15 p.m.2 views

CVE-2025-34299

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

9.8CVSS7.4AI score0.72536EPSS
Exploits6References3
AlpineLinux
AlpineLinux
added 2025/11/07 7:26 a.m.5 views

CVE-2025-10966

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

4.3CVSS7.1AI score0.00373EPSS
Exploits1References5
OSV
OSV
added 2025/11/05 8:0 a.m.4 views

CURL-CVE-2025-10966 missing SFTP host verification with wolfSSH

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

4.3CVSS7.2AI score0.00373EPSS
Exploits1
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.4 views

编号撤回

dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. edb is a cross-platform AArch32/x86/x86-64 debugger. This CVE number has been withdrawn...

4.3AI score0.00012EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.2 views

编号撤回

dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. edb is a cross-platform AArch32/x86/x86-64 debugger. This CVE number has been withdrawn...

4.4AI score0.00012EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/24 12:30 p.m.6 views

EUVD-2025-35832

In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup On the netns cleanup path, ipvsftpexit may unregister ipvsftp before connections with valid cp-app pointers are flushed, leading to a use-after-free. Fix this by introducing a...

5.9AI score0.00193EPSS
Exploits0References7
OSV
OSV
added 2025/10/24 12:15 p.m.6 views

AZL-68769 CVE-2025-40018 affecting package kernel for versions less than 6.6.112.1-2

In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup On the netns cleanup path, ipvsftpexit may unregister ipvsftp before connections with valid cp-app pointers are flushed, leading to a use-after-free. Fix this by introducing a...

5.6AI score0.00193EPSS
Exploits0References1
CVE
CVE
added 2025/10/24 11:44 a.m.20 views

CVE-2025-40018

The CVE-2025-40018 issue in the Linux kernel’s ipvs code (ip_vs_ftp) arose from unregistering ip_vs_ftp during netns cleanup before flushing connections, which could lead to use-after-free. The fix introduces a global exiting_module flag: ip_vs_ftp_exit() sets it true before unregistering the per...

6.1AI score0.00193EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2025/10/24 11:44 a.m.4 views

CVE-2025-40018

In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup On the netns cleanup path, ipvsftpexit may unregister ipvsftp before connections with valid cp-app pointers are flushed, leading to a use-after-free. Fix this by introducing a...

5.2AI score0.00193EPSS
Exploits0
OSV
OSV
added 2025/10/24 11:44 a.m.5 views

CVE-2025-40018 ipvs: Defer ip_vs_ftp unregister during netns cleanup

In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup On the netns cleanup path, ipvsftpexit may unregister ipvsftp before connections with valid cp-app pointers are flushed, leading to a use-after-free. Fix this by introducing a...

6.4AI score0.00193EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/10/24 12:0 a.m.6 views

Juniper Junos OS Vulnerability (JSA103167)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA103167 advisory. - An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write...

6.9CVSS5.7AI score0.00278EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/22 12:12 p.m.10 views

CVE-2025-10641

All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit the...

7.1CVSS6.7AI score0.00297EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2025/10/21 2:8 p.m.4 views

USN-7831-1: Erlang vulnerabilities

It was discovered that Erlang incorrectly handled resource allocation and consumption in the SFTP SSH module. An attacker could possibly use this issue cause Erlang to consume excessive resources, leading to a denial of service...

7.1CVSS5.4AI score0.00402EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/10/21 11:48 a.m.2 views

CVE-2025-10641 Unencrypted cleartext communication in EfficientLab WorkExaminer Professional

All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit the...

6.4AI score0.00297EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/21 11:48 a.m.9 views

CVE-2025-10641 Unencrypted cleartext communication in EfficientLab WorkExaminer Professional

All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit the...

0.00297EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/21 11:36 a.m.12 views

CVE-2025-10639 Usage of Hardcoded FTP Credentials EfficientLab WorkExaminer Professional

The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code...

0.00879EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/21 12:0 a.m.11 views

Work Examiner Professional 安全漏洞

Work Examiner Professional is an employee computer monitoring software from Work Examiner USA. A security vulnerability exists in Work Examiner Professional that stems from the use of weakly hard-coded credentials by the FTP server, which could lead to data modification or reading and remote code...

8.8CVSS9.7AI score0.00879EPSS
Exploits0References1
NVD
NVD
added 2025/10/15 2:15 p.m.21 views

CVE-2025-53868

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00408EPSS
Exploits0References1
OSV
OSV
added 2025/10/14 4:15 p.m.5 views

CVE-2025-53845

An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

6.5CVSS5.8AI score0.0044EPSS
Exploits0References1
Rows per page
Query Builder