Lucene search
K

15 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-41557

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.9 views

CVE-2026-30915

SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/19 10:36 p.m.21 views

CVE-2026-22731 Authentication Bypass under Actuator Health groups paths

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...

8.2CVSS0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/19 10:36 p.m.4 views

CVE-2026-22731 Authentication Bypass under Actuator Health groups paths

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...

8.2CVSS5.8AI score0.00334EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.3 views

CVE-2026-30915

SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...

5.3CVSS0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 7:4 p.m.6 views

CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes

SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 7:4 p.m.5 views

CVE-2026-30915

SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/13 7:4 p.m.16 views

CVE-2026-30915

SFTPGo (open source file transfer app) before v2.7.1 is affected by an input validation issue in dynamic group paths, where placeholders like %username% are not strictly sanitized against relative path components. This can allow a crafted username to cause the substituted path for a group’s home ...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/13 7:4 p.m.9 views

CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes

SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/13 6:56 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the handling of dynamic group paths when placeholders such as %username% are used. An attacker can gain unauthorized access to parent directories by creating a specially crafted username containing relative path...

6.9CVSS6.3AI score0.00309EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/13 6:56 p.m.7 views

SFTPGo improperly sanitizes placeholders in group home directories/key prefixes

Impact SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/13 6:56 p.m.5 views

GHSA-M83Q-5WR4-4GFP SFTPGo improperly sanitizes placeholders in group home directories/key prefixes

Impact SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the...

6.9CVSS5.8AI score0.00309EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.5 views

SFTPGo 路径遍历漏洞

SFTPGo is a fully functional and highly configurable SFTP server developed by the Italian developer Nicola Murino. Versions of SFTPGo prior to 2.7.1 contained a path traversal vulnerability, which was caused by improper validation of dynamic group paths. This vulnerability could lead to path...

5.3CVSS7.3AI score0.00309EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.9 views

PT-2026-25355

Name of the Vulnerable Software and Affected Versions SFTPGo versions prior to 2.7.1 Description SFTPGo is an open source, event-driven file transfer solution. Versions of SFTPGo before 2.7.1 contain an input validation issue when handling dynamic group paths, such as home directories or key...

9.9CVSS7.1AI score0.22162EPSS
Exploits68References135
OSV
OSV
added 2022/09/26 10:34 a.m.6 views

SUSE-SU-2022:3382-1 Security update for permissions

This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths bsc1203018. - Add capability for prometheus-blackboxexporter bsc1191194. - Make btmp root:utmp bsc1050467...

4.4CVSS4.7AI score0.00139EPSS
Exploits0References5
Rows per page
Query Builder