1807 matches found
JLSEC-2026-406
A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
Medium: libssh
Issue Overview: libssh OOB Read in sftpparselongname CVE-2026-0968 Affected Packages: libssh Issue Correction: Run dnf update libssh --releasever 2023.11.20260427 or dnf update --advisory ALAS2023-2026-1632 --releasever 2023.11.20260427 to update your system. More information on how to update you...
GHSA-Q4Q6-R8WH-5CGH PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled
The usage of isfile, used to verify if the $filename is indeed an actual file, by all? Reader implementations inside the helper function File::assertFile is php-wrapper aware, for any php wrappers implementing stat. The 3 wrappers ftp://, phar:// and ssh2.sftp://, all satisfy this requirement - 2...
PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled
The usage of isfile, used to verify if the $filename is indeed an actual file, by all? Reader implementations inside the helper function File::assertFile is php-wrapper aware, for any php wrappers implementing stat. The 3 wrappers ftp://, phar:// and ssh2.sftp://, all satisfy this requirement - 2...
CLSA-2026-1777445542 libssh2: Fix of 2 CVEs
CVE-2019-3858: fix zero-byte allocation in sftppacketread - CVE-2019-3859: fix out-of-bounds reads in libssh2packetrequire...
PT-2026-37096
Name of the Vulnerable Software and Affected Versions PhpSpreadsheet versions prior to 1.30.3 PhpSpreadsheet versions 2.0.0 through 2.1.14 PhpSpreadsheet versions 2.2.0 through 2.4.3 PhpSpreadsheet versions 3.3.0 through 3.10.3 PhpSpreadsheet versions 4.0.0 through 5.5.0 Description When the...
CLSA-2026-1777036898 libssh2: Fix of 2 CVEs
CVE-2019-3858: fix zero-byte allocation in sftppacketread - CVE-2019-3859: fix out-of-bounds reads in libssh2packetrequire...
async-ssh2-tokio (>=0.2.0 <=0.8.11), dev-tunnels (=0.1.0) +6 more potentially affected by CVE-2026-42189 via russh (>=0.34.0 <=0.43.0)
russh CARGO version =0.34.0, =0.2.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.4.1 - sshrpc =0.1.0 - tunnels =0.1.0 Source cves: CVE-2026-42189 Source advisory: OSV:GHSA-F5V4-2WR6-HQMG...
openSUSE 16 Security Update : erlang (openSUSE-SU-2026:20607-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20607-1 advisory. Security issues fixed: - CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote arbitra...
GHSA-J88V-2CHJ-QFWX vulnerabilities
Vulnerabilities for packages: pgtimetable, flyte, caddy, envoy-gateway, ferretdb, teleport, spicedb, amass, sftpgo, rke2-cloud-provider, kubeflow-pipelines, hydra, kine, src, wal-g, cloudprober, keda, seaweedfs, spqr, temporal-server, bento, timescaledb-parallel-copy, grafana-alloy, gitlab-kas,...
CLSA-2026-1776847322 curl: Fix of 3 CVEs
CVE-2022-27781: add limit of certificates which can be traversed breaking infinite loop in NSS cert verification - CVE-2023-27533: prevent TELNET option from IAC injection - CVE-2023-27534: fix SFTP path '' resolving discrepancy...
CVE-2026-40884 goshs: Empty-username SFTP password authentication bypass in goshs
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP...
CVE-2026-40876 SFTP root escape via prefix-based path validation in goshs
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can...
CVE-2026-40876
CVE-2026-40876 (goshs) describes an SFTP jail-escape due to a prefix-based path validation bug in the sftpserver.helper.go sanitizePath implementation. The code uses a raw string-prefix check to validate the target path against the configured root, which allows a sibling path (e.g., /tmp/goshsroo...
CVE-2025-14362
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...
CVE-2026-0972
HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...
CVE-2026-0972 HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT
HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...
CVE-2025-14362
Fortra GoAnywhere MFT SFTP service (before version 7.10.0) does not enforce login rate limiting for Web Users configured to authenticate with SSH keys, enabling brute-force attempts against the SSH key. Affected component: GoAnywhere MFT SFTP login mechanism. Root cause: absence of login limit en...
CVE-2026-32147
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...
DEBIAN-CVE-2026-32147
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...