CVE-2025-48039

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4...

CVE-2025-48039

CVE-2025-48039 affects Erlang OTP ssh_sftp module (lib/ssh/src/ssh_sftpd.erl) and can cause excessive resource consumption due to unverified paths from authenticated SFTP users. Public disclosures link multiple Linux distro advisories updating Erlang (e.g., openSUSE/SUSE SUSE-SU-2026:20043-1, SUS...

EEF-CVE-2025-48038 Unverified File Handles can Cause Excessive Use of System Resources

Summary Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OT...

CVE-2025-48038

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4...

CVE-2025-48038

CVE-2025-48038 affects Erlang OTP ssh (ssh_sftpd) with Allocation of Resources Without Limits or Throttling, causing excessive resource consumption. The issue is present across multiple OTP/erlang SSH versions (as detailed in the CVE entry) and is being addressed through vendor advisories and sec...

PT-2025-37162

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.0.3 Erlang OTP versions 26.2.5.15 through 27.3.4.3 Erlang OTP versions 27.3.4.3 Erlang OTP versions 28.0.3 ssh versions 3.0.1 through 5.3.3 ssh versions 5.1.4.12 ssh versions 5.2.11.3 Description An Allocati...

PT-2025-37164

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.0.3 Erlang OTP versions 26.2.5.15 Erlang OTP versions 27.3.4.3 ssh versions 3.0.1 through 5.3.3 ssh versions 5.1.4.12 ssh versions 5.2.11.3 Description An uncontrolled resource consumption issue exists in...

CVE-2025-41664

A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services e.g., FTP/SFTP. This access could allow the attacker to escalate privileges and modify firmware...

CVE-2025-10040 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getftpdetails' AJAX action in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...

WordPress plugin WP Import 安全漏洞

WordPress WP Import plugin is a plugin for batch importing and exporting WordPress data, supports multiple file formats such as CSV, XML, JSON, etc., and can handle posts, pages, comments, users and other data. WordPress WP Import plugin has an unauthorized access vulnerability that stems from a...

PT-2025-37006

Name of the Vulnerable Software and Affected Versions: WP Import – Ultimate CSV XML Importer for WordPress plugin versions prior to 7.28 Description: The WP Import – Ultimate CSV XML Importer for WordPress plugin is susceptible to unauthorized data access. This is due to the absence of a capabili...

Linux Distros Unpatched Vulnerability : CVE-2023-5422

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSLgetverifyresu...

Linux Distros Unpatched Vulnerability : CVE-2024-6572

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33,...

Linux Distros Unpatched Vulnerability : CVE-2025-6224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the netwo...

Linux Distros Unpatched Vulnerability : CVE-2020-7659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request...

Embedded Malicious Code

Overview @duckdb/node-bindings is a Node bindings to the DuckDB C API. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected...

Embedded Malicious Code

Overview duckdb is a Node.js API for DuckDB, the "SQLite for Analytics". The API for this client is somewhat compliant to the SQLite Node.js client for easier transition and transition you must eventually. Affected versions of this package are vulnerable to Embedded Malicious Code. This package...

RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities

A new Android malware called RatOn has evolved from a basic tool capable of conducting Near Field Communication NFC relay attacks to a sophisticated remote access trojan with Automated Transfer System ATS capabilities to conduct device fraud. "RatOn merges traditional overlay attacks with automat...

CVE-2025-57633

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...

CVE-2025-57633

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...