39 matches found

RedhatCVE
added 2026/06/05 7:44 p.m., 5 views

CVE-2026-44618

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

CVSS 5.3, AI score 5.4, EPSS 0.00167
Exploits: 0, References: 1

CVE
added 2026/05/22 12:17 p.m., 18 views

CVE-2026-44618

Technical details for CVE-2026-44618 are not publicly available in the provided documents. The records mention an XXE vulnerability in Apache CXF WS-Transfer and upgrade versions, but no further specifics are provided. Monitor for updates.

CVSS 5.3, AI score 5.7, EPSS 0.00167
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/05/22 12:17 p.m., 35 views

CVE-2026-44618 Apache CXF: XXE vulnerability in WS-Transfer functionality

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

EPSS 0.00167
Exploits: 0, References: 1

OSV
added 2026/01/09 2:6 p.m., 8 views

OESA-2026-1032 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Allocation of Resources Without Limits or Throttling...

CVSS 6.9, AI score 6.8, EPSS 0.00238
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2014-4213

Malware in sbrugna...

CVSS 4.4, AI score 6.1, EPSS 0.00059
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-48621

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.4, EPSS 0.00312
Exploits: 0, References: 2

RedhatCVE
added 2025/09/14 1:28 a.m., 7 views

CVE-2025-10275

A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made availab...

CVSS 6.5, AI score 6.5, EPSS 0.00093
Exploits: 0, References: 1

Cvelist
added 2025/09/12 1:2 a.m., 11 views

CVE-2025-10275 YunaiV yudao-cloud transfer improper authorization

A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made availab...

CVSS 6.5, EPSS 0.00093
Exploits: 0, References: 4

ATTACKERKB
added 2025/09/11 8:13 a.m., 3 views

CVE-2025-48039

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4...

CVSS 5.3, AI score 5.4, EPSS 0.00236
Exploits: 0, References: 8, Affected Software: 1

Tenable Nessus
added 2025/08/15 12:0 a.m., 4 views

FreeBSD : nginx -- worker process memory disclosure (eb03714d-79f0-11f0-b4c1-ac5afc632ba3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eb03714d-79f0-11f0-b4c1-ac5afc632ba3 advisory. F5 reports: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might...

CVSS 6.3, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 3

Nginx
added 2025/08/13 2:46 p.m., 1432 views

Buffer overread in the ngx_mail_smtp_module

Buffer overread in the ngx_mail_smtp_module. Severity: low. CVE-2025-53859. Not vulnerable: 1.29.1+. Vulnerable: 0.7.22-1.29.0...

CVSS 6.3, AI score 7.1, EPSS 0.00056
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/05/23 9:50 a.m., 8 views

CVE-2024-7744

In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has bee...

CVSS 6.5, AI score 6.7, EPSS 0.00312
Exploits: 0, References: 1

NVD
added 2024/11/12 5:15 p.m., 18 views

CVE-2024-9999

In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

CVSS 6.5, EPSS 0.00175
Exploits: 1, References: 2

Cvelist
added 2024/11/12 4:33 p.m., 92 views

CVE-2024-9999 Multi-Factor Authentication Bypass in Progress WS_FTP Server

In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

CVSS 6.5, EPSS 0.00175
Exploits: 1, References: 2

CVE
added 2024/11/12 4:33 p.m., 57 views

CVE-2024-9999

CVE-2024-9999 affects Progress WS_FTP Server prior to version 8.8.9 (2022.0.9). The root cause is an incorrect implementation of the authentication algorithm in the Web Transfer Module, allowing bypass of the second-factor verification and login with username and password only. Impact described i...

CVSS 6.5, AI score 6.6, EPSS 0.00175
Exploits: 1, References: 2

Vulnrichment
added 2024/11/12 4:33 p.m., 18 views

CVE-2024-9999 Multi-Factor Authentication Bypass in Progress WS_FTP Server

In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

CVSS 6.5, AI score 7.3, EPSS 0.00175
Exploits: 1, References: 2

Positive Technologies
added 2024/11/12 12:0 a.m., 3 views

PT-2024-39990

Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.8.9. Description: The issue is related to an incorrect implementation of the authentication algorithm in the Web Transfer Module, allowing users to bypass the second-factor verification and log in using only the...

CVSS 6.5, AI score 5.8, EPSS 0.00175
Exploits: 1, References: 6

CNNVD
added 2024/11/12 12:0 a.m., 1 view

Progress Software WS_FTP Server Security Vulnerability

Progress Software WS_FTP Server is an effective and highly manageable FTP server from Progress Software, Inc. A security vulnerability exists in Progress Software WS_FTP Server versions prior to 8.8.9 that stems from an incorrect implementation of the authentication algorithm in the Web Transfer...

CVSS 6.5, AI score 6.8, EPSS 0.00175
Exploits: 1, References: 3

OSV
added 2024/08/28 5:15 p.m., 3 views

CVE-2024-7744

In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has...

CVSS 6.5, AI score 5.8, EPSS 0.00312
Exploits: 0, References: 2

OSV
added 2024/08/28 5:15 p.m., 1 view

CVE-2024-7745

In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

CVSS 8.1, AI score 5.8, EPSS 0.00277
Exploits: 0, References: 2