156 matches found
CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
CVE-2026-30914 SFTPGo has a Path Traversal and Permission Bypass via Path Normalization Discrepancy
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
GHSA-M83Q-5WR4-4GFP SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
Impact: SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the...
EUVD-2026-12072
SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy...
SFTPGo Path Traversal Vulnerability
SFTPGo is a fully functional and highly configurable SFTP server developed by the Italian developer Nicola Murino. Versions of SFTPGo prior to 2.7.1 contained a path traversal vulnerability, which was caused by inconsistent path normalization, potentially leading to authorization bypasses...
SFTPGo Path Traversal Vulnerability
SFTPGo is a fully functional and highly configurable SFTP server developed by the Italian developer Nicola Murino. Versions of SFTPGo prior to 2.7.1 contained a path traversal vulnerability, which was caused by improper validation of dynamic group paths. This vulnerability could lead to path...
PT-2026-25354
Name of the Vulnerable Software and Affected Versions: SFTPGo versions prior to 2.7.1. Description: SFTPGo is an open-source, event-driven file transfer solution. A path normalization discrepancy exists between the protocol handlers and the internal Virtual Filesystem routing in versions prior to...
PT-2026-25355
Name of the Vulnerable Software and Affected Versions: SFTPGo versions prior to 2.7.1. Description: SFTPGo is an open source, event-driven file transfer solution. Versions of SFTPGo before 2.7.1 contain an input validation issue when handling dynamic group paths, such as home directories or key...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: overmind, kubo, sftpgo, nvidia-container-toolkit, jitsucom-bulker, fixuid, langfuse, nerdctl, s5cmd, sbom-scorecard, terragrunt, wolfictl, kubewatch, terraform-provider-azapi, descheduler, rancher-webhook, task, ip-masq-agent, cluster-autoscaler, litefs, gostatsd,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: kubo, sftpgo, nvidia-container-toolkit, jitsucom-bulker, wolfictl, langfuse, nerdctl, s5cmd, terragrunt, kubewatch, terraform-provider-azapi, descheduler, rancher-webhook, task, ip-masq-agent, cluster-autoscaler, litefs, gostatsd, cilium, swagger, postgres-operator,...
GHSA-9449-RPHM-MJQR AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE
An API endpoint that is intended for internal use by the SFTP software sftpgo was mistakenly exposed to the public-facing HTTP API for AzuraCast installations. This would allow a user with specific internal knowledge of a station's operations to craft a custom HTTP request that would affect the...
EUVD-2024-3341
Malicious code in bioql PyPI...
EUVD-2025-3680
Malicious code in bioql PyPI...
EUVD-2024-3435
Malicious code in bioql PyPI...
EUVD-2024-2079
Malicious code in bioql PyPI...
EUVD-2022-6779
Malicious code in bioql PyPI...
EUVD-2022-6703
Malicious code in bioql PyPI...
CVE-2025-59937 vulnerabilities
Vulnerabilities for packages: sftpgo, gitea...
GHSA-WPWJ-69CM-Q9C5 vulnerabilities
Vulnerabilities for packages: sftpgo, gitea...