Monsta FTP Vulnerability Exposed Thousands of Servers to Full Takeover

Monsta FTP users must update now! A critical pre-authentication flaw CVE-2025-34299 allows hackers to fully take over web servers. Patch to version 2.11.3 immediately...

CVE-2025-34299

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

CVE-2025-34299

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

CVE-2025-34299

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

EUVD-2025-38247

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

EUVD-2025-38240

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

AZL-69748 CVE-2025-10966 affecting package cmake 3.30.3-11

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

ALPINE-CVE-2025-10966

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVE-2025-10966

CVE-2025-10966 affects curl by a flaw in its SSH connection handling when SFTP uses the wolfSSH backend, causing missed host verification and allowing MITM-like issues. The connected Nessus advisories for EulerOS, Unity Linux, Photon OS, and related OS advisories repeatedly reference this CVE as ...

CVE-2025-10966

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVE-2025-10966

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

missing SFTP host verification with wolfSSH

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CURL-CVE-2025-10966 missing SFTP host verification with wolfSSH

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not reveal any details on when t...

PT-2025-44353

Name of the Vulnerable Software and Affected Versions OpenSSH affected versions not specified Description If SSH session multiplexing was configured on the client side, SSH sessions such as scp and sftp multiplexed onto the same channel could perform file-system operations after a configured...

编号撤回

dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. edb is a cross-platform AArch32/x86/x86-64 debugger. This CVE number has been withdrawn...

编号撤回

dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. edb is a cross-platform AArch32/x86/x86-64 debugger. This CVE number has been withdrawn...

EUVD-2025-35832

In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup On the netns cleanup path, ipvsftpexit may unregister ipvsftp before connections with valid cp-app pointers are flushed, leading to a use-after-free. Fix this by introducing a...

AZL-68769 CVE-2025-40018 affecting package kernel for versions less than 6.6.112.1-2

In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup On the netns cleanup path, ipvsftpexit may unregister ipvsftp before connections with valid cp-app pointers are flushed, leading to a use-after-free. Fix this by introducing a...

CVE-2025-40018

The CVE-2025-40018 issue in the Linux kernel’s ipvs code (ip_vs_ftp) arose from unregistering ip_vs_ftp during netns cleanup before flushing connections, which could lead to use-after-free. The fix introduces a global exiting_module flag: ip_vs_ftp_exit() sets it true before unregistering the per...