Fortra GoAnywhere MFT Security Vulnerability
Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...
OESA-2026-1666 erlang security update
Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Inconsistent Interpretation of HTTP Requests 'HTTP...
CVE-2020-36983
Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during syste...
CVE-2025-67737
CVE-2025-67737 affects AzuraCast versions 0.23.1, where an API endpoint intended for internal use by sftpgo was exposed in the public HTTP API (at /api/internal/sftp-event). A user with valid SFTP credentials and knowledge of the station’s internal filesystem can craft a tailored HTTP request to ...
CVE-2025-10639
The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to log in to the FTP server and modify or read data, log files and gain remote code...
EUVD-2025-24055
Malicious code in bioql PyPI...
EUVD-2025-29079
Malicious code in bioql PyPI...
CVE-2025-8181
A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...
CVE-2020-7498
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...
PT-2024-24993 · Levelone · Levelone Wbr-6012
Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 router version R0.40e6 Description: A vulnerability in the LevelOne WBR-6012 router's firmware allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks...
PT-2024-1168 · Korenix · Korenix Jetnet
Name of the Vulnerable Software and Affected Versions: Korenix JetNet devices versions prior to 2024/01 Description: The issue is related to an Improper Authentication vulnerability in the TFTP Server component of Korenix JetNet devices. This vulnerability can be exploited by a remote attacker to...
ProLink PRS1841 Trust Management Issue Vulnerability
The ProLink PRS1841 is a router from ProLink Singapore. A security vulnerability exists in the Prolink PRS1841 that stems from the IT Telnet and FTP services containing hard-coded credentials...
CVE-2022-47986
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. T...
CVE-2022-22989
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues...
Hardcoded credentials
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...
Bosch Video Management System Path Traversal Vulnerability
Bosch DIVAR IP 3000 is a 3000 series video recorder from Bosch Germany. A path traversal vulnerability in FileTransferService in the Bosch Video Management System, which arises from a failure of a networked system or product to properly filter special elements in the path of a resource or file, c...
CVE-2020-6767
A path traversal vulnerability in the Bosch Video Management System BVMS FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects...
CVE-2019-18257
In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the use...
PT-2019-15360 · Bosch · Control Center Server
Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0 Description: A vulnerability has been identified in the SFTP service of the Control Center Server, which contains an authentication bypass issue. This allows a remote attacker with network...