Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software from Fortra, Inc. A security vulnerability exists in Fortra GoAnywhere MFT versions prior to 7.9.0, which stems from improper access control of the SFTP service, and could result in a Web user logging in with an SSH key...

[SECURITY] Fedora 43 Update: restic-0.18.1-1.fc43

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

CVE-2025-53897

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has...

CVE-2025-53899

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances t...

CVE-2025-53900

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0...

CVE-2025-53896

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0...

EUVD-2025-199895

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0...

CVE-2025-53900

Kiteworks MFT is affected by CVE-2025-53900 due to an improper definition of roles and permissions when managing Connections. Prior to version 9.1.0, this could allow an authorized user to escalate privileges within end-to-end file transfer workflows. The issue has been fixed in version 9.1.0. Af...

EUVD-2025-199896

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances t...

EUVD-2025-199897

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has...

CVE-2025-53897 Kiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerability

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has...

CVE-2025-53896 Kiteworks MFT is vulnerable to Insufficient Session Expiration

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0...

CVE-2025-53896 Kiteworks MFT is vulnerable to Insufficient Session Expiration

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0...

CVE-2025-53896 Kiteworks MFT is vulnerable to Insufficient Session Expiration

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0...

EUVD-2025-199898

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0...

PT-2025-48357

Name of the Vulnerable Software and Affected Versions Kiteworks MFT versions prior to 9.1.0 Description Kiteworks MFT orchestrates end-to-end file transfer workflows. A flaw exists where a user’s active session may not properly time out due to inactivity under certain circumstances. This issue wa...

Kiteworks Mft 安全漏洞

Kiteworks Mft is a software for securely managing internal and external data transfers from Kiteworks USA. A security vulnerability exists in Kiteworks Mft versions prior to 9.1.0 that stems from improperly defined roles and permissions, which could lead to elevated privileges...

PT-2025-48361

Name of the Vulnerable Software and Affected Versions Kiteworks MFT versions prior to 9.1.0 Description Kiteworks MFT orchestrates end-to-end file transfer workflows. Versions of Kiteworks MFT before 9.1.0 have an issue where an incorrectly specified destination in a communication channel could...

📄 Monsta FTP DownloadFile Remote Code Execution

This Metasploit module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions prior to 2.11.3. The vulnerability exists in the downloadFile action which allows an attacker to connect to a malicious FTP or SFTP server and download arbitrary files to arbitrary...

curl: Infinite loop issue in the state machine of the curl project

Summary: Vulnerability impact: When curl attempts to download files from a malicious FTP server, it triggers an infinite loop in the code execution. I discovered this issue in the FTP functionality of the curl project .As described in...