CVE-2025-11235

Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows REST API modules.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10...

CVE-1999-0250

Denial of service in Qmail through long SMTP commands...

CVE-1999-0011

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer...

CVE-1999-0473

The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred...

CVE-2019-16383

MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an attacker...

CVE-2019-16650

On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the...

CVE-2019-12769

SolarWinds Serv-U Managed File Transfer MFT Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters...

CVE-2024-2291

In Progress MOVEit Transfer versions released before 2022.0.11 14.0.11, 2022.1.12 14.1.12, 2023.0.9 15.0.9, 2023.1.4 15.1.4, a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which result...

CVE-2025-68954

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was already connected to...

libssh key passphrase bypass without agent set

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

libssh global known_hosts override

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

bearer token leak on cross-protocol redirect

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

PT-2026-2205

Name of the Vulnerable Software and Affected Versions affected versions not specified Description The credentials needed to access the device’s web server are transmitted in base64 within the HTTP headers. Base64 encoding is not a secure encryption method, allowing an attacker intercepting the we...

Progress MOVEit Transfer 安全漏洞

Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A security vulnerability exists in Progress MOVEit Transfer that stems from unverified password changes. The following versions are affected: version 2023.1.0 through versions prior to 2023.1.3, version 2023.0.0...

Linux Distros Unpatched Vulnerability : CVE-2025-15079

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present ...

CVE-2025-11235 MOVEit Transfer REST API does not require current password in order to initiate the password change process

Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows REST API modules.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10...

CVE-2025-11235

Progress MOVEit Transfer on Windows REST API modules is affected by an unverified password change vulnerability. Affected versions include MOVEit Transfer 2022.0.0–2022.0.10, 2022.1.0–2022.1.11, 2023.0.0–2023.0.8, and 2023.1.0–2023.1.3. The issue is documented across multiple sources (including R...

CVE-2025-11235 MOVEit Transfer REST API does not require current password in order to initiate the password change process

Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows REST API modules.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10...

Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced

Summary Pterodactyl does not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was already connected to SFTP to remain connected and access files even after their permissions...

CVE-2025-60262

An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote...