155 matches found
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: pgwatch, seaweedfs, ory-kratos, dapr-fips, temporal-fips, gitness, spqr, openbao, ldap2pg, bento-fips, cloudnative-pg-fips, falcosidekick, grafana-fips, openfga-fips, sftpgo-plugin-eventstore, chainloop-control-plane-fips, sqlexporter, chainloop-control-plane,...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: yunikorn-k8shim, dex, rancher, spqr, kyverno-notation-aws, terraform, cert-manager-cmctl, external-secrets-operator, minio, cert-manager, frp, rclone, ratify, cert-manager-csi-driver, xeol, opentofu, k6, flux-source-controller, seaweedfs, grafana, openbao, kyverno,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: yunikorn-k8shim, dex, rancher, spqr, kyverno-notation-aws, terraform, cert-manager-cmctl, external-secrets-operator, minio, cert-manager, frp, rclone, ratify, cert-manager-csi-driver, xeol, opentofu, k6, flux-source-controller, seaweedfs, grafana, openbao, kyverno,...
GHSA-J88V-2CHJ-QFWX vulnerabilities
Vulnerabilities for packages: pgwatch, seaweedfs, ory-kratos, dapr-fips, temporal-fips, gitness, spqr, openbao, ldap2pg, bento-fips, cloudnative-pg-fips, falcosidekick, grafana-fips, openfga-fips, sftpgo-plugin-eventstore, chainloop-control-plane-fips, sqlexporter, chainloop-control-plane,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: victoriametrics, dkron, flux-helm-controller, pluto, gh, fluxcd-kustomize-mutating-webhook, hubble, ingress-nginx-controller, nodetaint, metacontroller, tailscale, clickhouse-operator, nfs-subdir-external-provisioner, actions-runner-controller, nova,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: neuvector-scanner, nginx-prometheus-exporter, prometheus-pushgateway, grafana-pyroscope, yunikorn-k8shim, dkron, flux-helm-controller, docker-cli, migrate, snyk-cli, step-issuer, gatekeeper, gh, kaf, tofu-controller, terraform, ingress-nginx-controller,...
CVE-2026-34986 vulnerabilities
Vulnerabilities for packages: omni-fips, boring-registry, bento-fips, azcopy, harbor-fips, grype-db, gitlab-workhorse-ce, tkn-fips, fulcio, velero, gitlab-runner, chainloop-control-plane, cert-manager, gotrue, envconsul-fips, gitlab-kas, scorecard, sftpgo, traefik-fips, oauth2-proxy,...
CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
SUSE CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
SUSE CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
GO-2026-4697 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes in github.com/drakkan/sftpgo
SFTPGo improperly sanitizes placeholders in group home directories/key prefixes in github.com/drakkan/sftpgo...
GO-2026-4699 SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo
SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo...
CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30915
SFTPGo (open source file transfer app) before v2.7.1 is affected by an input validation issue in dynamic group paths, where placeholders like %username% are not strictly sanitized against relative path components. This can allow a crafted username to cause the substituted path for a group’s home ...
CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30914 SFTPGo has a Path Traversal and Permission Bypass via Path Normalization Discrepancy
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...