17 matches found
CLSA-2026-1779371406 vim: Fix of CVE-2026-42307
CVE-2026-42307: fix shell injection in netrw via the tempfile suffix when reading sftp:// or file:// URLs by escaping the tempfile and restricting the suffix regex to word characters...
GHSA-67RW-2X62-MQQM Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access
There was a missing permission-check in the shares feature (the shr global-option). This vulnerability only applies in the following scenario: the shares feature is used for the specific purpose of creating a share of just a single file inside a folder; either the FTP or SFTP server is enabled, and...
GHSA-8C39-XPPG-479C Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced
Summary: Pterodactyl does not revoke active SFTP connections when a user is removed from a server instance or has their permissions changed with respect to file access over SFTP. This allows a user that was already connected to SFTP to remain connected and access files even after their permissions...
CVE-2025-68954 Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changed with respect to file access over SFTP. This allows a user that was already connected to...
CVE-2025-68954
CVE-2025-68954 affects Pterodactyl’s SFTP subsystem where active SFTP sessions are not revoked when a user is removed or has permissions reduced. Multiple sources describe that credentials are checked at handshake, but not re-validated afterward, allowing a user who was connected to maintain acce...
EUVD-2019-16176
Malware in sbrugna...
EUVD-2025-5560
Malicious code in bioql PyPI...
PT-2025-27619 · Infinera · Infinera G42
Name of the Vulnerable Software and Affected Versions: Infinera G42 version R6.1.3. Description: The issue allows remote authenticated users to read and write OS files via SFTP connections. Account members of the Network Administrator profile can access the target machine via SFTP with the same...
Siemens SCALANCE LPE9403 Improper Limitation of a Pathname to a Restricted Directory (CVE-2025-27395)
Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files. This plugin only works with Tenable.ot. Please visit...
GHSA-WC79-7X8X-2P58 MinIO allows an SFTP authentication bypass due to improperly trusted SSH key
Summary: A bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. Details: On a MinIO server with SFTP access configured and using LDAP as an external identity provider, MinIO supports SSH key based authentication fo...
CVE-2025-27414
A flaw was found in MinIO. An incorrect evaluation of the SSH key used in an SFTP connection when using LDAP as an external identity provider with a user with no sshPublicKey property allows an attacker to perform any FTP operations like reading, writing, deleting and listing objects, resulting i...
PT-2025-9136 · Minio · Minio
Name of the Vulnerable Software and Affected Versions: MinIO versions RELEASE.2024-06-06T09-36-42Z through RELEASE.2025-02-28T09-55-16Z. Description: A bug in MinIO's evaluation of the trust of the SSH key used in an SFTP connection allows authentication bypass and unauthorized data access. This...
SUSE CVE-2007-5337
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs...
CVE-2017-12337
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or...
PT-2017-3275 · Cisco · Cisco Voice Operating System
Name of the Vulnerable Software and Affected Versions: Cisco collaboration products based on the Cisco Voice Operating System software platform (affected versions not specified). Description: A vulnerability in the upgrade mechanism of Cisco collaboration products could allow an unauthenticated,...
openSUSE Security Update : vlc (openSUSE-SU-2014:0315-1)
VLC was updated to version 2.1.3 bnc864422 : + Core : - Fix broken behaviour with SOCKSv5 proxies - Fix integer overflow on error when using vlcreaddir + Access : - Fix DVB-T2 tuning on Linux. - Fix encrypted DVD playback. - Fix v4l2 frequency conversion. + Decoders : - Fix numerous issues M2TS,...
OpenSSH: sftp & bypassing keypair auth restrictions
OpenSSH: sftp-server & bypassing keypair auth restrictions. Summary: If you (1) are using keypairs and ~/.ssh/authorized_keys2 to enable remote execution of commands via OpenSSH's sshd and (2) have sshd configured to provide sftp service via the sftp-server subsystem, then clients who have access with...