EUVD-2026-24129

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

EUVD-2026-24128

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

EUVD-2025-209539

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

CVE-2026-0972

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

CVE-2026-0972 HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

CVE-2026-0971 GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

CVE-2025-14362 GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

CVE-2025-1241

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

CVE-2025-1241

CVE-2025-1241 affects Fortra GoAnywhere MFT (prior to 7.10.0) and GoAnywhere Agents (prior to 2.2.0) where a static IV enables brute-force decryption of encrypted values. Impact is confidentiality (high), with network access required and admin privileges needed. Remediation: upgrade to GoAnywhere...

CVE-2025-31958

HCL BigFix Service Management is reported vulnerable to HTTP Request Smuggling. The connected sources describe HTTP request smuggling as an issue arising when front-end and back-end servers parse requests inconsistently, enabling bypass of security controls and potentially enabling cache poisonin...

CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...

CVE-2026-32147

Technical details about affected products/versions and remediation are not provided in the supplied documents; monitor for updates.

EEF-CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

Summary Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh ssh\sftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon ssh\sftpd stores the raw, user-supplied path i...

SUSE-SU-2026:21250-1 Security update for openvswitch

This update for openvswitch fixes the following issue: - CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273...

PT-2026-33974

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

goshs 路径遍历漏洞

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained a path traversal vulnerability. This vulnerability stemmed from the SFTP subsystem’s sanitizePath function, which used prefix-based path validation. As a result,...

goshs 访问控制错误漏洞

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained an access control vulnerability. This vulnerability occurred when using the basic authentication syntax with an empty username recorded in the documentation, without...

Oracle PeopleSoft Enterprise HCM Human Resources 安全漏洞

Oracle PeopleSoft Enterprise HCM Human Resources is a human resources management system developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise HCM Human Resources contains a security vulnerability. This vulnerability stems from issues with the Job Profile Manager component,...

Oracle PeopleSoft Enterprise FIN Maintenance 安全漏洞

Oracle PeopleSoft Enterprise FIN Maintenance is a corporate financial maintenance and management module developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise FIN Maintenance contains a security vulnerability. This vulnerability stems from issues with the Work Order Manageme...

Oracle PeopleSoft Enterprise FIN Contracts 安全漏洞

Oracle PeopleSoft Enterprise FIN Contracts is an enterprise contract financial management system developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise FIN Contracts contains a security vulnerability. This vulnerability stems from issues with the Contracts component, which m...