CVE-2025-14362

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

CVE-2025-14362 GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

CVE-2025-14362

Fortra GoAnywhere MFT SFTP service (before version 7.10.0) does not enforce login rate limiting for Web Users configured to authenticate with SSH keys, enabling brute-force attempts against the SSH key. Affected component: GoAnywhere MFT SFTP login mechanism. Root cause: absence of login limit en...

PT-2026-33975

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

CVE-2026-4021

The CVE-2026-4021 entry documents an authentication bypass in the Contest Gallery WordPress plugin up through version 28.1.5. The root cause is a mismatch in the email-to-user-ID flow: users-registry-check-after-email-or-pin-confirmation.php uses the email string in a WHERE ID = %s clause instead...

EUVD-2025-201495

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key...

CVE-2025-50691

MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data including tokens and terminal content is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...

GitLab Trust Management Issues Vulnerabilities

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. GitLab has a trust management issue vulnerability that stems from allowing an...

CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...

Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key

----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Loadbalancer.org Enterprise VA 7.5.2 and below ------------------------- Affected vendors: ------------------------- Loadbalancer.org http://www.loadbalancer.org/...

RHEL 2.1 : wu-ftpd (RHSA-2004:096)

An updated wu-ftpd package that fixes two security issues is now available. The wu-ftpd package contains the Washington University FTP File Transfer Protocol server daemon. FTP is a method of transferring files between machines. Glenn Stewart discovered a flaw in wu-ftpd. When configured with...