CVE-2020-37032 — CVSS 8.8 (high): Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to…
CVE-2020-9470 — CVSS 7.8 (high): An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local…
CVE-2019-25267 — CVSS 7.8 (high): Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code…
CVE-2020-8634 — CVSS 7.8 (high): Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface…
CVE-2020-8635 — CVSS 7.8 (high): Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This…
CVE-2026-44403 — CVSS 7.2 (high): Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that…
CVE-2012-4729 — CVSS 6.8 (medium): Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands.
CVE-2015-4108 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the…
CVE-2025-5196 — CVSS 6.6 (medium): A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown…
CVE-2023-37879 — CVSS 6.5 (medium): Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information elicitation.This issue affects Wing FTP…
CVE-2020-27735 — CVSS 6.1 (medium): An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to…
CVE-2023-37878 — CVSS 6.1 (medium): Insecure default permissions in Wing FTP Server (Admin Web Client) allows for privilege escalation.This issue affects Wing FTP Server: <=…
CVE-2023-37881 — CVSS 4.9 (medium): Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation.This issue affects Wing FTP Server: <= 7.2.0.
CVE-2010-2428 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and…
CVE-2020-37079 — CVSS 4.3 (medium): Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that…
CVE-2025-47811 — CVSS 4.1 (medium): In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default…
CVE-2025-27889 — CVSS 3.4 (low): Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing…
CVE-2023-37875 — CVSS 3.0 (low): Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS).This issue affects Wing FTP…