Lucene search
K

219 matches found

Vulnrichment
Vulnrichment
added 2026/04/21 2:14 p.m.5 views

CVE-2026-0972 HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

5.4CVSS5.7AI score0.00155EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/21 2:14 p.m.39 views

CVE-2026-0972 HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

5.4CVSS0.00155EPSS
Exploits1References1
CVE
CVE
added 2026/04/21 2:14 p.m.55 views

CVE-2026-0972

CVE-2026-0972 concerns Fortra’s GoAnywhere MFT up to version 7.10.0. Connected sources document two concrete issues: 1) HTML injection in system-generated emails, and 2) the SFTP login limit is not enforced prior to 7.10.0 when a user logs in with an SSH key, potentially enabling brute-force key ...

5.4CVSS5.7AI score0.00155EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/21 2:14 p.m.24 views

CVE-2026-0971

CVE-2026-0971 affects Fortra GoAnywhere MFT prior to v7.10.0. The issue is an improper session timeout where SAML-configured Web Users are redirected to the regular login page instead of the SAML login page. Impact is limited to authentication flow disruption; no data directly exposed per the pro...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/21 2:14 p.m.4 views

CVE-2026-0971

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 2:14 p.m.49 views

CVE-2026-0971 GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

4.3CVSS0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 2:14 p.m.3 views

CVE-2026-0971 GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 2:14 p.m.33 views

CVE-2025-14362 GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

7.3CVSS0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 2:14 p.m.27 views

CVE-2025-14362

Fortra GoAnywhere MFT SFTP service (before version 7.10.0) does not enforce login rate limiting for Web Users configured to authenticate with SSH keys, enabling brute-force attempts against the SSH key. Affected component: GoAnywhere MFT SFTP login mechanism. Root cause: absence of login limit en...

7.3CVSS5.7AI score0.00194EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 2:14 p.m.5 views

CVE-2025-14362 GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

7.3CVSS5.7AI score0.00194EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 2:14 p.m.5 views

CVE-2025-14362

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

7.3CVSS5.7AI score0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 2:10 p.m.4 views

CVE-2025-1241

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 2:10 p.m.5 views

CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 2:10 p.m.23 views

CVE-2025-1241

CVE-2025-1241 affects Fortra GoAnywhere MFT (prior to 7.10.0) and GoAnywhere Agents (prior to 2.2.0) where a static IV enables brute-force decryption of encrypted values. Impact is confidentiality (high), with network access required and admin privileges needed. Remediation: upgrade to GoAnywhere...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/04/21 2:10 p.m.36 views

CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS0.00127EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...

7.3CVSS5.8AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability was due to improper session timeout settings, which could cause Web users with SAML configurations t...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.7 views

PT-2026-33974

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...

5.4CVSS5.8AI score0.00155EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Fortra GoAnywhere 安全漏洞

Fortra GoAnywhere is a secure file transfer solution provided by the American company Fortra. There were security vulnerabilities in versions of Fortra GoAnywhere MFT 7.10.0 and earlier, as well as in GoAnywhere Agents 2.2.0 and earlier. These vulnerabilities stemmed from the use of static IVs fo...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References1
Rows per page
Query Builder