24 matches found
CLSA-2026-1779371406 vim: Fix of CVE-2026-42307
CVE-2026-42307: fix shell injection in netrw via the tempfile suffix when reading sftp:// or file:// URLs by escaping the tempfile and restricting the suffix regex to word characters...
GHSA-67RW-2X62-MQQM Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access
There was a missing permission-check in the shares feature (the shr global-option). This vulnerability only applies in the following scenario: the shares feature is used for the specific purpose of creating a share of just a single file inside a folder; either the FTP or SFTP server is enabled, and...
GHSA-8C39-XPPG-479C Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced
Summary: Pterodactyl does not revoke active SFTP connections when a user is removed from a server instance or has their permissions changed with respect to file access over SFTP. This allows a user that was already connected to SFTP to remain connected and access files even after their permissions...
CVE-2025-68954 Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changed with respect to file access over SFTP. This allows a user that was already connected to...
CVE-2025-68954
CVE-2025-68954 affects Pterodactyl’s SFTP subsystem where active SFTP sessions are not revoked when a user is removed or has permissions reduced. Multiple sources describe that credentials are checked at handshake, but not re-validated afterward, allowing a user who was connected to maintain acce...
EUVD-2019-16176
Malware in sbrugna...
EUVD-2025-5560
Malicious code in bioql PyPI...
PT-2025-27619 · Infinera · Infinera G42
Name of the Vulnerable Software and Affected Versions: Infinera G42 version R6.1.3 Description: The issue allows remote authenticated users to read and write OS files via SFTP connections. Account members of the Network Administrator profile can access the target machine via SFTP with the same...
Siemens SCALANCE LPE9403 Improper Limitation of a Pathname to a Restricted Directory (CVE-2025-27395)
Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files. This plugin only works with Tenable.ot. Please visit...
CVE-2025-27395
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and...
GHSA-WC79-7X8X-2P58 MinIO allows an SFTP authentication bypass due to improperly trusted SSH key
Summary A bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. Details On a MinIO server with SFTP access configured and using LDAP as an external identity provider, MinIO supports SSH key based authentication fo...
CVE-2025-27414
A flaw was found in MinIO. An incorrect evaluation of the SSH key used in an SFTP connection when using LDAP as an external identity provider with a user with no sshPublicKey property allows an attacker to perform any FTP operations like reading, writing, deleting and listing objects, resulting i...
PT-2025-9136 · Minio · Minio
Name of the Vulnerable Software and Affected Versions: MinIO versions RELEASE.2024-06-06T09-36-42Z through RELEASE.2025-02-28T09-55-16Z Description: A bug in MinIO's evaluation of the trust of the SSH key used in an SFTP connection allows authentication bypass and unauthorized data access. This...
PT-2024-15062
Name of the Vulnerable Software and Affected Versions: Nokia SR OS routers (affected versions not specified) Description: The issue allows low-privilege authenticated users with "access console" to gain read-write access to the entire file system via SFTP or SCP. This access enables them to read or...
CVE-2024-21190
Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware component: Cloning. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle...
SUSE CVE-2007-5337
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs...
Mobatek MobaXterm Authorization Issue Vulnerability
Mobatek MobaXterm is a suite of terminal software from the French company Mobatek that integrates an enhanced terminal, an X server, and a Unix command set GNU/Cygwin. A security vulnerability exists in Mobatek MobaXterm versions prior to v22.1, which stems from a vulnerability that allows an...
Remote Code Execution in extension "Turn!" (turn)
The extension fails to sanitize user input, resulting in Remote Code Execution. The issue is only exploitable when the attacker has FTP/SFTP access to the TYPO3 website...
CVE-2017-12337
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or...