📦 CrushFTP
by CrushFTP
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability in CrushFTP allows remote attackers to bypass AS2 validation and gain administrative access via HTTPS when the DMZ proxy feature is not used. It affects CrushFTP servers running vul...
This critical authentication bypass vulnerability in CrushFTP allows unauthenticated attackers to gain administrative access by exploiting a race condition and header manipulation in the AWS4-HMAC aut...
This vulnerability in CrushFTP allows attackers to bypass password reset mechanisms, potentially leading to complete account takeover. It affects CrushFTP 10 versions before 10.8.3 and CrushFTP 11 ver...
CVE-2024-4040 is a critical server-side template injection vulnerability in CrushFTP that allows unauthenticated attackers to read files outside the sandbox, bypass authentication to gain admin access...
This CVE describes a Cross-Site Scripting (XSS) vulnerability in CrushFTP's file sharing feature where malicious filenames are reflected in email bodies without proper sanitization. Attackers can inje...
CVE-2025-63420 is a stored HTML injection vulnerability in CrushFTP 11's admin panel that allows attackers to inject malicious HTML into the 'Who Created Folder' report. This enables persistent HTML ex...
CVE-2025-32103 is a directory traversal vulnerability in CrushFTP that allows attackers to bypass SecurityManager restrictions and read files accessible via SMB UNC share paths. This affects CrushFTP ...