156 matches found
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: temporal-server-fips, src, goose, dapr-fips, dapr, grafana-alloy-fips, ldap2pg, opentelemetry-collector-contrib-fips, kube-bench, authentik, gotrue, kubeflow-pipelines, rke2-cloud-provider, sftpgo, gitaly, sftpgo-plugin-eventstore, gitness, keda-fips, wal-g,...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: openbao, xeol, cert-manager-cmctl, percona-server-mongodb-operator, trufflehog, telegraf, frp, yunikorn-k8shim, cert-manager-csi-driver, rclone, rancher-webhook, rancher-agent, zot, flux, dex, gitlab-runner, spqr, kyverno-notation-aws, kyverno, minio, harbor, opentof...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: openbao, xeol, cert-manager-cmctl, percona-server-mongodb-operator, trufflehog, telegraf, frp, yunikorn-k8shim, cert-manager-csi-driver, rclone, rancher-webhook, rancher-agent, zot, flux, dex, gitlab-runner, spqr, kyverno-notation-aws, kyverno, minio, harbor, opentof...
GHSA-J88V-2CHJ-QFWX vulnerabilities
Vulnerabilities for packages: temporal-server-fips, src, goose, dapr-fips, dapr, grafana-alloy-fips, ldap2pg, opentelemetry-collector-contrib-fips, kube-bench, authentik, gotrue, kubeflow-pipelines, rke2-cloud-provider, sftpgo, gitaly, sftpgo-plugin-eventstore, gitness, keda-fips, wal-g,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, grafana-operator, nfs-subdir-external-provisioner, sftpgo-plugin-eventsearch, polaris, omnibump, smokescreen, metacontroller, oras, victoriametrics-cluster, flux-image-reflector-controller, aws-privateca-issuer,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: cilium, datadog-agent, secrets-store-csi-driver-provider-aws, vault-env, newrelic-infrastructure-agent, azure-service-operator, kube-state-metrics, gitaly, buildah, k8sgpt-operator, kpt, tkn, knative-operator, gitsign, falco-no-driver, k8ssandra-client, kubeflow-kati...
CVE-2026-34986 vulnerabilities
Vulnerabilities for packages: trivy-operator-fips, task, k8sgpt, nerdctl, grype, gitaly, kargo, tekton-chains-fips, ratify-fips, packer, buildah, cloudprober-fips, temporal-server, sigstore-scaffolding-fips, kaniko, argo-workflows, syft, prometheus-podman-exporter-fips, falcosidekick, beats, cg,...
CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
SUSE CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
SUSE CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
GO-2026-4697 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes in github.com/drakkan/sftpgo
SFTPGo improperly sanitizes placeholders in group home directories/key prefixes in github.com/drakkan/sftpgo...
GO-2026-4699 SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo
SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo...
CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30915
SFTPGo (open source file transfer app) before v2.7.1 is affected by an input validation issue in dynamic group paths, where placeholders like %username% are not strictly sanitized against relative path components. This can allow a crafted username to cause the substituted path for a group’s home ...
CVE-2026-30914 SFTPGo has a Path Traversal and Permission Bypass via Path Normalization Discrepancy
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...