DEBIAN-CVE-2026-44240

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to improper access control in the transfer process. An attacker can retrieve unauthorized zone contents by exploiting the incorrect selection of access control list stanzas when both parent and subzone rules ar...

CVE-2026-41180

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...

ROS-20260410-73-0014

A vulnerability in the cURL server communication software is related to insufficient protection of registration data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

@activeboxes/piece-sftp (=0.2.6), @activepieces/piece-apify (=0.2.1) +25 more potentially affected by CVE-2026-39983 via basic-ftp (>=5.0.2 <=5.1.0)

basic-ftp NPM version =5.0.2, =0.2.6, =1.0.0, =1.0.0, =2.0.18, =1.9.2, =1.2.0, =4.6.0-blowfish, =1.0.3, =1.0.4, =0.1.1, =0.2.0 and more Source cves: CVE-2026-39983 Source advisory: SNYK:JS-BASICFTP-15953339...

CVE-2018-25254

CVE-2018-25254 affects NICO-FTP 3.0.1.19. The vulnerability is a structured exception handler (SEH) buffer overflow in the FTP service that allows remote code execution when an attacker sends crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handle...

Exploit for OS Command Injection in Vsftpd_Project Vsftpd

🧨 Metasploitable 2 Penetration Testing Lab 📅 Duration 2026...

@activeboxes/piece-sftp (=0.2.6), @activepieces/piece-apify (=0.2.1) +25 more potentially affected by CVE-2026-27699 via basic-ftp (>=5.0.2 <=5.1.0)

basic-ftp NPM version =5.0.2, =0.2.6, =1.0.0, =1.0.0, =2.0.18, =1.9.2, =1.2.0, =4.6.0-blowfish, =1.0.3, =1.0.4, =0.1.1, =0.2.0 and more Source cves: CVE-2026-27699 Source advisory: SNYK:JS-BASICFTP-15366428...

CVE-2024-2291

In Progress MOVEit Transfer versions released before 2022.0.11 14.0.11, 2022.1.12 14.1.12, 2023.0.9 15.0.9, 2023.1.4 15.1.4, a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which result...

CVE-2025-14267

Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7...

EUVD-2025-201922

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

EUVD-2018-18437

Malware in sbrugna...

EUVD-2020-27979

Malware in sbrugna...

EUVD-2007-1898

Malware in sbrugna...

EUVD-2012-5943

Malware in sbrugna...

EUVD-2014-3323

Malware in sbrugna...

EUVD-2009-3093

Malware in sbrugna...

EUVD-2019-8215

Malware in sbrugna...

EUVD-2016-1709

Malware in sbrugna...

EUVD-1999-1326

Malware in sbrugna...