VYPR
Vendor

Drakkan

Products
1
CVEs
8
Across products
9
Status
Private

Products

1

Recent CVEs

8
  • CVE-2022-36071HigSep 2, 2022
    risk 0.54cvss 8.3epss 0.00

    SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost,…

  • CVE-2025-24366HigFeb 7, 2025
    risk 0.42cvss 7.5epss 0.01

    SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disabled in the default configuration and it…

  • CVE-2022-39220MedSep 20, 2022
    risk 0.33cvss 6.1epss 0.01

    SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.

  • CVE-2024-37897MedJun 20, 2024
    risk 0.28cvss 5.4epss 0.00

    SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the…

  • CVE-2024-52801MedNov 29, 2024
    risk 0.27cvss epss 0.00

    sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since…

  • CVE-2024-52309MedNov 21, 2024
    risk 0.26cvss epss 0.01

    SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature…

  • CVE-2026-30915Mar 13, 2026
    risk 0.00cvss epss 0.00

    SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key…

  • CVE-2026-30914Mar 13, 2026
    risk 0.00cvss epss 0.01

    SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft…