15 matches found
EUVD-2026-41557
A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...
CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-22731 Authentication Bypass under Actuator Health groups paths
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...
CVE-2026-22731 Authentication Bypass under Actuator Health groups paths
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...
CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30915
SFTPGo (open source file transfer app) before v2.7.1 is affected by an input validation issue in dynamic group paths, where placeholders like %username% are not strictly sanitized against relative path components. This can allow a crafted username to cause the substituted path for a group’s home ...
CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the handling of dynamic group paths when placeholders such as %username% are used. An attacker can gain unauthorized access to parent directories by creating a specially crafted username containing relative path...
SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
Impact SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the...
GHSA-M83Q-5WR4-4GFP SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
Impact SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the...
SFTPGo 路径遍历漏洞
SFTPGo is a fully functional and highly configurable SFTP server developed by the Italian developer Nicola Murino. Versions of SFTPGo prior to 2.7.1 contained a path traversal vulnerability, which was caused by improper validation of dynamic group paths. This vulnerability could lead to path...
PT-2026-25355
Name of the Vulnerable Software and Affected Versions SFTPGo versions prior to 2.7.1 Description SFTPGo is an open source, event-driven file transfer solution. Versions of SFTPGo before 2.7.1 contain an input validation issue when handling dynamic group paths, such as home directories or key...
SUSE-SU-2022:3382-1 Security update for permissions
This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths bsc1203018. - Add capability for prometheus-blackboxexporter bsc1191194. - Make btmp root:utmp bsc1050467...