12611 matches found
CVE-2025-34299
Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...
EUVD-2025-38247
Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...
EUVD-2025-38240
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
ALPINE-CVE-2025-10966
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
AZL-69748 CVE-2025-10966 affecting package cmake 3.30.3-11
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
CVE-2025-10966
CVE-2025-10966 is a flaw in curl's SSH connection handling when SFTP uses the wolfSSH backend: host verification is missed, allowing MITM-like issues. The connected Nessus advisories for EulerOS, Unity Linux, Photon OS, and related OS advisories repeatedly reference this CVE as ...
CVE-2025-10966
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
Monsta FTP code issue vulnerability
Monsta FTP is a lightweight file manager from Monsta New Zealand. It supports file transfer, file management and document editing. A security vulnerability exists in Monsta FTP 2.11 and earlier versions, which stems from allowing unauthenticated arbitrary file uploads and could lead to the...
curl: SMTP CRLF Command Injection in CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT
libcurl's SMTP implementation accepts CR (\r) and LF (\n) bytes in mailbox address inputs without validation. These control characters are inserted directly into SMTP commands, allowing attackers to inject arbitrary SMTP protocol commands. This enables envelope manipulation, adding unauthorized...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990577)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990577 advisory. In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows. The driver uses endpoint-sized USB transfer buffer...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990507)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990507 advisory. In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer. In af9035_i2c_master_xfer, msg ...
CVE-2025-61084
MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets in the From: header of SMTP DATA. An attacker can craft a From: header with multiple invisible Unicode thin spaces to display a spoofed sender while passing validation, allowing email spoofing eve...
CURL-CVE-2025-10966 missing SFTP host verification with wolfSSH
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
missing SFTP host verification with wolfSSH
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
Incorrect Authorization
Liferay Portal is vulnerable to Incorrect Authorization. The vulnerability is due to the Batch Engine failing to properly enforce permission checks for import and export tasks, which allows remote authenticated users to access exported data through the REST APIs...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989062)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989062 advisory. In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows. The driver uses endpoint-sized USB transfer buffer...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989483)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989483 advisory. In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer. In af9035_i2c_master_xfer, msg ...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989969)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989969 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible. Since bae1d3a05a8b, i2c transfers are non-atomic...