Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

373 matches found

Redos
Redosadded 6 days ago5 views

ROS-20260529-73-0016

The vulnerability of the software for interacting with servers via CURL is related to the exposure of information. Exploiting this vulnerability allows a remote attacker to gain access to confidential data through the PASV response...

4.3CVSS7.2AI score0.00083EPSS
Exploits0
OSV
OSVadded 2026/05/20 12:4 p.m.1 views

BIT-PYTHON-MIN-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS5.8AI score0.00051EPSS
Exploits0References4
OSV
OSVadded 2026/05/15 2:1 p.m.4 views

OESA-2026-2321 gvfs security update

Gvfs is a userspace virtual filesystem implementation for GIO a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...

4.3CVSS5.9AI score0.00048EPSS
Exploits0References2
NVD
NVDadded 2026/05/13 9:16 p.m.5 views

CVE-2026-8328

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS0.00051EPSS
Exploits0References3
OSV
OSVadded 2026/05/13 9:16 p.m.1 views

DEBIAN-CVE-2026-8328

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS5.8AI score0.00051EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/05/13 9:16 p.m.6 views

CVE-2026-8328

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS5.8AI score0.00051EPSS
Exploits0References5
Snyk
Snykadded 2026/05/13 9:14 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the ftpcp function when it processes server-supplied PASV host addresses without verifying them against the actual peer address. An attacker can cause connections to arbitrary hosts by supplying a...

5.9CVSS5.9AI score0.00051EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/13 8:14 p.m.2 views

CVE-2026-8328

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS6.8AI score0.01086EPSS
Exploits0References4
Debian CVE
Debian CVEadded 2026/05/13 8:14 p.m.4 views

CVE-2026-8328

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS5.8AI score0.00051EPSS
Exploits0
Cvelist
Cvelistadded 2026/05/13 8:14 p.m.26 views

CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS0.00051EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/05/11 12:0 a.m.2 views

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017532)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017532 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into...

5.8CVSS5.8AI score0.00632EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/05/05 3:45 p.m.36 views

CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command

A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...

5.9CVSS0.00129EPSS
Exploits0References2
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.2 views

Astra Linux - уязвимость в ruby2.5, jruby

A issue was discovered in Ruby between versions 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a specified IP address and port. This potentially allows curl to extract information about services that would...

5.8CVSS6.7AI score0.00632EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2026/03/19 12:0 a.m.3 views

SUSE SLES12 Security Update : gvfs (SUSE-SU-2026:0916-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0916-1 advisory. - CVE-2026-28295: fixed by using control connection address for PASV data bsc1258953. - CVE-2026-28296: fixed by rejecting paths containing CR/...

4.3CVSS5.9AI score0.00094EPSS
Exploits2References7
SUSE Linux
SUSE Linuxadded 2026/03/18 7:47 a.m.3 views

Security update for gvfs

This update for gvfs fixes the following issues: CVE-2026-28295: fixed by using control connection address for PASV data bsc1258953. CVE-2026-28296: fixed by rejecting paths containing CR/LF characters bsc1258954. Patch Instructions: To install this SUSE update use the SUSE recommended installati...

7.3CVSS5.8AI score0.00094EPSS
Exploits2References8
Slackware Linux
Slackware Linuxadded 2026/02/28 11:29 p.m.4 views

[slackware-security] gvfs

New gvfs packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gvfs-1.48.1-i586-2slack15.0.txz: Rebuilt. This update fixes security issues: ftp: Use control connection address for PASV data. ftp:...

4.3CVSS6AI score0.00094EPSS
Exploits2
EUVD
EUVDadded 2026/02/26 6:31 p.m.3 views

EUVD-2026-8860

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

4.3CVSS5.6AI score0.00048EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/02/26 3:33 p.m.5 views

CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

4.3CVSS5.6AI score0.00048EPSS
Exploits0References3
Packet Storm
Packet Stormadded 2026/02/20 12:0 a.m.102 views

📄 Solar FTP Server 2.1.1 PASV Denial of Service

Solar FTP Server version 2.1.1 PASV command denial of service proof of concept exploit written in PHP. ============================================================================================================================================= | Title : Solar FTP Server 2.1.1 PASV Command - Deni...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessusadded 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : python27:2.7 (AXSA:2022-3551:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3551:01 advisory. python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-3733 python: ftplib should not use the host from the PASV response...

8.2CVSS7.4AI score0.05428EPSS
Exploits3References6
Rows per page
Query Builder