157 matches found
PT-2026-55447
Name of the Vulnerable Software and Affected Versions SFTPGo versions prior to 2.7.3 Description A stored Cross-Site Scripting XSS issue exists where the inline query parameter on the browsable-share file download and authenticated user file download endpoints suppresses the Content-Disposition:...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: sqlexporter, authentik, gotrue, bento-fips, kube-bench, spire-server-fips, cerbos, gitaly, dapr, harbor-fips, keda-fips, splunk-otel-collector-fips, kine, trillian-fips, openfga-fips, sqlexporter-fips, temporal-fips, azure-service-operator-fips, amass,...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: gitea, bento, spqr, yunikorn-k8shim, gitlab-runner, nuclei, grafana, flux, sftpgo-plugin-auth, harbor, flux-source-controller, telegraf, k6, teleport, seaweedfs, minio, cert-manager-csi-driver, rancher, rancher-webhook, rclone, cert-manager-cmctl, xeol, cert-manager,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: gitea, bento, spqr, yunikorn-k8shim, gitlab-runner, nuclei, grafana, flux, sftpgo-plugin-auth, harbor, flux-source-controller, telegraf, k6, teleport, seaweedfs, minio, cert-manager-csi-driver, rancher, rancher-webhook, rclone, cert-manager-cmctl, xeol, cert-manager,...
GHSA-J88V-2CHJ-QFWX vulnerabilities
Vulnerabilities for packages: sqlexporter, authentik, gotrue, bento-fips, kube-bench, spire-server-fips, cerbos, gitaly, dapr, harbor-fips, keda-fips, splunk-otel-collector-fips, kine, trillian-fips, openfga-fips, sqlexporter-fips, temporal-fips, azure-service-operator-fips, amass,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, aws-load-balancer-controller, dbmate, gh, temporal, flux-operator, goreleaser, actions-runner-controller, grafana-rollout-operator, nfs-subdir-external-provisioner, osv-scanner, flux, apko, supercronic, tailscale,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: crossplane-provider-keycloak, ingress-nginx-controller, bento, gh, trillian, bank-vaults, grpcurl, goreleaser, helm-mapkubeapis, jitsucom-bulker, cadvisor, k8ssandra-client, knative-operator, step-issuer, memcached-exporter, redpanda, argo-rollouts, net-kourier, delv...
CVE-2026-34986 vulnerabilities
Vulnerabilities for packages: authentik, gotrue, grafana-mimir-fips, trillian-fips, beats-fips, undock, buildah, beats, gitsign, commercial-chainloop-cli, cilium-fips, ratify, skaffold-fips, grype, kyverno-notation-aws-fips, tfsec, hydra, grpc-health-probe, neuvector, omni, ko, neuvector-scanner,...
CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
SUSE CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
SUSE CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
GO-2026-4699 SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo
SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo...
GO-2026-4697 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes in github.com/drakkan/sftpgo
SFTPGo improperly sanitizes placeholders in group home directories/key prefixes in github.com/drakkan/sftpgo...
CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30915
SFTPGo (open source file transfer app) before v2.7.1 is affected by an input validation issue in dynamic group paths, where placeholders like %username% are not strictly sanitized against relative path components. This can allow a crafted username to cause the substituted path for a group’s home ...