io.github.jinahya:jinahya-bcprov (=0.0.1), org.apache.camel.karaf:camel-as2 (>=4.7.0 <=4.10.7) +14 more potentially affected by CVE-2026-5598 via org.bouncycastle:bcprov-debug-jdk18on (>=1.71 <=1.83)

org.bouncycastle:bcprov-debug-jdk18on MAVEN version =1.71, =4.7.0, =4.7.0, =3.0.0-M1, =3.0.0-M1, =3.2.0, =3.18.0, =3.18.0, =3.18.0, =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 and more Source cves: CVE-2026-5598 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16074609...

CVE-2021-33576

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...

CVE-2021-33577

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves via encryption and signing of the message can be bypassed by changing the Content-Type of the message to text/plain...

CVE-2025-10932

Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer AS2 module.This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.3, from 2024.1.0 before 2024.1.7, from 2023.1.0 before 2023.1.16...

EUVD-2025-36641

Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer AS2 module.This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.3, from 2024.1.0 before 2024.1.7, from 2023.1.0 before 2023.1.16...

CVE-2025-10932

Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer AS2 module.This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.3, from 2024.1.0 before 2024.1.7, from 2023.1.0 before 2023.1.16...

CVE-2025-10932

CVE-2025-10932 is an Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer (AS2 module). The issue affects MOVEit Transfer versions 2025.0.0–before 2025.0.3, 2024.1.0–before 2024.1.7, and 2023.1.0–before 2023.1.16. The root cause is an input/AS2 request handling flaw that ca...

PT-2025-44302

Name of the Vulnerable Software and Affected Versions Progress MOVEit Transfer versions 2023.1.0 through 2023.1.16 Progress MOVEit Transfer versions 2024.1.0 through 2024.1.7 Progress MOVEit Transfer versions 2025.0.0 through 2025.0.3 Description An uncontrolled resource consumption issue exists ...

Progress MOVEit Transfer 资源管理错误漏洞

Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A resource management error vulnerability exists in Progress MOVEit Transfer that stems from an uncontrolled resource consumption issue in the AS2 module. The following versions are affected: versions 2025.0.0...

EUVD-2021-20263

Malware in sbrugna...

EUVD-2021-20262

Malware in sbrugna...

Exploit for Unprotected Alternate Channel in Crushftp

CrushFTP AS2 Authentication Bypass – CVE-2025-54309 Aut...

org.apache.camel.karaf:camel-as2 (>=4.7.0 <=4.8.9), org.apache.camel.karaf:camel-as2-test (>=4.7.0 <=4.8.9) +6 more potentially affected by CVE-2025-8916 via org.bouncycastle:bcprov-debug-jdk18on (>=1.71 <=1.78)

org.bouncycastle:bcprov-debug-jdk18on MAVEN version =1.71, =4.7.0, =4.7.0, =3.0.0-M1, =3.0.0-M1, =3.2.0, =3.18.0, =3.18.0, =3.18.0, =4.8.9 Source cves: CVE-2025-8916 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11789690...

org.apache.camel.quarkus:camel-quarkus-as2 (>=3.0.0-M1 <=3.10.0), org.apache.camel.quarkus:camel-quarkus-as2-deployment (>=3.0.0-M1 <=3.10.0) +4 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-debug-jdk18on (>=1.71 <=1.77)

org.bouncycastle:bcprov-debug-jdk18on MAVEN version =1.71, =3.0.0-M1, =3.0.0-M1, =3.2.0, =3.18.0, =3.18.0, =3.18.0, =4.5.0 Source cves: CVE-2025-8885 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11777841...

CrushFTP Unprotected Alternate Channel Vulnerability

CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS...

CVE-2025-54309

CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025...

CVE-2025-54309

CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025...

CVE-2025-54309

CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025...

CVE-2025-54309

CVE-2025-54309 affects CrushFTP 10.x prior to 10.8.5 and 11.x prior to 11.3.4_23. The flaw resides in AS2 validation/HTTP session handling (DMZ proxy handling) that can let remote attackers gain admin access via HTTPS, historically exploited in the wild around July 2025. Multiple public PoCs/expl...

EUVD-2025-21909

CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025...