Lucene search
K

156 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/13 7:2 p.m.2 views

CVE-2026-30914

SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...

5.3CVSS5.8AI score0.00521EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/13 7:2 p.m.24 views

CVE-2026-30914 SFTPGo has a Path Traversal and Permission Bypass via Path Normalization Discrepancy

SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...

5.3CVSS0.00521EPSS
Exploits0References1
OSV
OSV
added 2026/03/13 7:2 p.m.3 views

CVE-2026-30914 SFTPGo has a Path Traversal and Permission Bypass via Path Normalization Discrepancy

SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...

5.3CVSS5.8AI score0.00521EPSS
Exploits0References3
OSV
OSV
added 2026/03/13 6:56 p.m.5 views

GHSA-M83Q-5WR4-4GFP SFTPGo improperly sanitizes placeholders in group home directories/key prefixes

Impact SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the...

6.9CVSS5.8AI score0.00309EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/13 6:55 p.m.4 views

EUVD-2026-12072

SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy...

5.3CVSS5.8AI score0.00521EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.7 views

SFTPGo 路径遍历漏洞

SFTPGo is a fully functional and highly configurable SFTP server developed by the Italian developer Nicola Murino. Versions of SFTPGo prior to 2.7.1 contained a path traversal vulnerability, which was caused by inconsistent path normalization, potentially leading to authorization bypasses...

8.1CVSS7.3AI score0.00521EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.5 views

SFTPGo 路径遍历漏洞

SFTPGo is a fully functional and highly configurable SFTP server developed by the Italian developer Nicola Murino. Versions of SFTPGo prior to 2.7.1 contained a path traversal vulnerability, which was caused by improper validation of dynamic group paths. This vulnerability could lead to path...

5.3CVSS7.3AI score0.00309EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.4 views

PT-2026-25354

Name of the Vulnerable Software and Affected Versions SFTPGo versions prior to 2.7.1 Description SFTPGo is an open-source, event-driven file transfer solution. A path normalization discrepancy exists between the protocol handlers and the internal Virtual Filesystem routing in versions prior to...

9.9CVSS7.1AI score0.22162EPSS
Exploits69References136
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.10 views

PT-2026-25355

Name of the Vulnerable Software and Affected Versions SFTPGo versions prior to 2.7.1 Description SFTPGo is an open source, event-driven file transfer solution. Versions of SFTPGo before 2.7.1 contain an input validation issue when handling dynamic group paths, such as home directories or key...

9.9CVSS7.1AI score0.22162EPSS
Exploits69References135
Wolfi
Wolfi
added 2026/02/10 1:48 p.m.15 views

CVE-2025-61732 vulnerabilities

Vulnerabilities for packages: overmind, kubo, sftpgo, nvidia-container-toolkit, jitsucom-bulker, fixuid, langfuse, nerdctl, s5cmd, sbom-scorecard, terragrunt, wolfictl, kubewatch, terraform-provider-azapi, descheduler, rancher-webhook, task, ip-masq-agent, cluster-autoscaler, litefs, gostatsd,...

8.6CVSS7.1AI score0.00472EPSS
Exploits0
Wolfi
Wolfi
added 2026/02/10 1:48 p.m.26 views

CVE-2025-68121 vulnerabilities

Vulnerabilities for packages: kubo, sftpgo, nvidia-container-toolkit, jitsucom-bulker, wolfictl, langfuse, nerdctl, s5cmd, terragrunt, kubewatch, terraform-provider-azapi, descheduler, rancher-webhook, task, ip-masq-agent, cluster-autoscaler, litefs, gostatsd, cilium, swagger, postgres-operator,...

10CVSS6.9AI score0.00765EPSS
Exploits1
OSV
OSV
added 2025/12/11 5:1 p.m.4 views

GHSA-9449-RPHM-MJQR AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

An API endpoint that is intended for internal use by the SFTP software sftpgo was mistakenly exposed to the public-facing HTTP API for AzuraCast installations. This would allow a user with specific internal knowledge of a station's operations to craft a custom HTTP request that would affect the...

3.1CVSS6.5AI score0.00205EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-3341

Malicious code in bioql PyPI...

5.1CVSS6.3AI score0.00598EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-3680

Malicious code in bioql PyPI...

7.5CVSS6.8AI score0.0067EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-3435

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00389EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2079

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00307EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-6779

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00521EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-6703

Malicious code in bioql PyPI...

8.3CVSS8.1AI score0.00438EPSS
Exploits1References4
Wolfi
Wolfi
added 2025/10/02 2:43 p.m.4 views

CVE-2025-59937 vulnerabilities

Vulnerabilities for packages: sftpgo, gitea...

9.1CVSS5.9AI score0.00505EPSS
Exploits1
Wolfi
Wolfi
added 2025/10/02 2:43 p.m.3 views

GHSA-WPWJ-69CM-Q9C5 vulnerabilities

Vulnerabilities for packages: sftpgo, gitea...

5.9AI score
Exploits0
Rows per page
Query Builder