8 matches found

EUVD (added 2025/10/03 8:07 p.m., 3 views)

EUVD-2024-2079

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.6 | EPSS 0.00307
Exploits: 0 | References: 6
Veracode (added 2025/02/11 3:40 a.m., 10 views)

Improper Input Validation

github.com/drakkan/sftpgo is vulnerable to Improper Input Validation. The vulnerability is due to missing sanitization of the client-provided rsync command, allowing an authenticated remote user to read or write files with the permissions of the SFTPGo server process...

CVSS 7.5 | AI score 7.5 | EPSS 0.0067
Exploits: 0 | References: 2 | Affected Software: 1
OSV (added 2025/02/07 10:47 p.m., 18 views)

GO-2025-3458 SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo

SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 7.5 | AI score 7.5 | EPSS 0.0067
Exploits: 0 | References: 2
NVD (added 2025/02/07 10:15 p.m., 15 views)

CVE-2025-24366

SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync. It is disabled in the default configuration and it is limited to the...

CVSS 7.5 | EPSS 0.0067
Exploits: 0 | References: 2
Vulnrichment (added 2025/02/07 9:16 p.m., 19 views)

CVE-2025-24366 Insufficient sanitization of user provided rsync command in SFTPGo

SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync. It is disabled in the default configuration and it is limited to the...

CVSS 7.5 | AI score 7.1 | EPSS 0.0067
Exploits: 0 | References: 2
RedhatCVE (added 2025/02/05 10:48 p.m., 11 views)

CVE-2022-36071

SFTPGo is a configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged,...

CVSS 8.3 | AI score 7.1 | EPSS 0.00422
Exploits: 1
Veracode (added 2025/01/03 3:20 a.m., 9 views)

Session Fixation

github.com/drakkan/sftpgo is vulnerable to a session cookie prediction vulnerability. The vulnerability is due to the predictable generation of session cookies using the xid library, which results in cookies that are unique but not cryptographically secure, allowing an attacker to brute force sessi...

CVSS 5.3 | AI score 6.7 | EPSS 0.00381
Exploits: 0 | References: 2 | Affected Software: 1
Veracode (added 2024/12/10 7:27 a.m., 10 views)

Unrestricted Script Execution

github.com/drakkan/sftpgo is vulnerable to unrestricted script execution. The vulnerability is due to lack of proper access control over script execution, which allows administrators to execute system commands without restrictions, which can lead to unintended access to the underlying OS/containe...

CVSS 5.1 | AI score 7.2 | EPSS 0.00598
Exploits: 0 | References: 4 | Affected Software: 1