Lucene search
K

7 matches found

The Hacker News
The Hacker News
added 2025/10/07 8:15 a.m.13 views

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 CVSS score: 10.0, a critical deserialization bug that could...

10CVSS8.8AI score0.99614EPSS
Exploits2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-14216

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00213EPSS
Exploits0References2
NVD
NVD
added 2025/04/28 9:15 p.m.23 views

CVE-2025-0049

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...

4.3CVSS0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/28 8:55 p.m.27 views

CVE-2025-0049 Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...

3.5CVSS0.00213EPSS
Exploits0References1
CVE
CVE
added 2025/04/28 8:55 p.m.67 views

CVE-2025-0049

CVE-2025-0049 affects Fortra GoAnywhere before version 7.8.0. The vulnerability stems from an error message returned when a web user without Create permission on subfolders uploads a file to a non-existent directory; the message may expose the absolute server path, which could enable fuzzing for ...

4.3CVSS4.1AI score0.00213EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/28 12:0 a.m.6 views

PT-2025-18117 · Unknown · Goanywhere

Name of the Vulnerable Software and Affected Versions: GoAnywhere versions prior to 7.8.0 Description: The issue occurs when a web user without create permission on subfolders attempts to upload a file to a non-existent directory. In this scenario, the error message includes the absolute server...

4.3CVSS6.5AI score0.00213EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/04/28 12:0 a.m.4 views

PT-2025-18116 · Fortra · Goanywhere

Name of the Vulnerable Software and Affected Versions: Fortra's GoAnywhere versions prior to 7.8.0 Description: The issue is related to missing input validation in certain features of the Web Client, allowing an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript int...

6.3CVSS5.6AI score0.00182EPSS
Exploits0References10
Rows per page
Query Builder