CVE-2025-14362

Fortra GoAnywhere MFT SFTP service (before version 7.10.0) does not enforce login rate limiting for Web Users configured to authenticate with SSH keys, enabling brute-force attempts against the SSH key. Affected component: GoAnywhere MFT SFTP login mechanism. Root cause: absence of login limit en...

CVE-2025-14362 GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

DEBIAN-CVE-2026-32147

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...

Bad Apples: Weaponizing native macOS primitives for movement and execution

As macOS adoption grows among developers and DevOps, it has become a high value target; however, native "living-off-the-land" LOTL techniques for the platform remain significantly under-documented compared to Windows. Adversaries can bypass security controls by repurposing native features like...

Security update 5.1.3 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing bsc1259554 Added x8664v2 as a possible rpm package architecture Make users with backslash working for salt-ssh...

SUSE-SU-2026:1525-1 Security update 5.1.3 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing bsc1259554 - Added x8664v2 as a possible rpm package architecture - Make users with backslash working for salt-s...

Security update 5.1.3 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Backport security patch for Salt vendored tornado bsc1259554: CVE-2026-31958: Add limits on multipart form data parsing Add x8664v2 as a possible rpm package architecture Make users with backslash working for salt-ssh bsc1254629 Fix...

SUSE-SU-2026:1523-1 Security update 5.1.3 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Backport security patch for Salt vendored tornado bsc1259554: CVE-2026-31958: Add limits on multipart form data parsing - Add x8664v2 as a possible rpm package architecture - Make users with backslash working for salt-ssh bsc1254629 - Fi...

Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: Internal changes to fix build issues with no impact for customers spacecmd: Version 5.1.13-0 Updated translation strings venv-salt-minion: Security issues fixed: CVE-2026-31958: Security patch for Salt vendored...

Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: Internal changes to fix build issues with no impact for customers spacecmd: Version 5.1.13-0 Updated translation strings uyuni-tools: Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key file...

SUSE-SU-2026:1520-1 Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers spacecmd: - Version 5.1.13-0 Updated translation strings uyuni-tools: - Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key...

Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.1.13-0 Update translation strings uyuni-tools: Version 5.1.26-0 Fix applying PTF with images from RPMs bsc1252548 Ssl Key file can miss if CA password is blank bsc1254154 mgrpxy ssh tuning should happens before crypto policies bsc1254619...

PT-2026-33975

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

goshs 路径遍历漏洞

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained a path traversal vulnerability. This vulnerability stemmed from the SFTP subsystem’s sanitizePath function, which used prefix-based path validation. As a result,...

Ericsson Erlang 安全漏洞

Ericsson Erlang is a general-purpose concurrent programming language developed by the Swedish company Ericsson. There is a security vulnerability in Ericsson Erlang, which stems from improper path restrictions in the sshsftpd module. This vulnerability allows authenticated SFTP users to modify fi...

PT-2026-33978

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

Debian dla-4535 : openssh-client - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4535 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4535-1 [email protected] https://www.debian.org/lts/security/...

Exploit for CVE-2026-4631

CVE-2026-4631 — Code Analysis Cockpit: Unauthenticated Rem...

CVE-2026-31927 Anviz CX7 Firmware Relative Path Traversal

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...

ctf-writeups-Doli1

🛡️ Doli 1 — CTF Writeup VulnHub VAPT Report For...