Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: crushftp Clear
ID Title
CVE-2025-54309 KEV [KEV] Vulnerability in crushftp (CVE-2025-54309)
vulnerability in crushftp (CVE-2025-54309). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-31161 KEV [KEV] Vulnerability in crushftp (CVE-2025-31161)
vulnerability in crushftp (CVE-2025-31161). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Listed in CISA KEV — actively exploited.
CVE-2024-4040 KEV [KEV] Vulnerability in crushftp (CVE-2024-4040)
vulnerability in crushftp (CVE-2024-4040). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-48795 Vulnerability in russh (CVE-2023-48795)
vulnerability in russh (CVE-2023-48795). Data can be tampered with by attackers. Mitigation: upgrade to `0.40.2` or later.
CVE-2017-14035 CrushFTP 8.x before 8.2.0 has a serialization vulnerability.
CrushFTP 8.x before 8.2.0 has a serialization vulnerability.
CVE-2017-14036 CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS.
CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS.
CVE-2017-14037 CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability.
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability.
CVE-2017-14038 CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability.
CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →