2 matches found
PT-2026-36613
Name of the Vulnerable Software and Affected Versions CrushFTP Enterprise Managed File Transfer versions prior to 11.1.0 Description An unauthenticated remote code execution flaw exists due to a Server-Side Template Injection SSTI—a vulnerability where a server improperly processes user-supplied...
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and...