filezilla-project
Consumer Software | oss-project
Latest CVEs
The 14 most recently published vulnerabilities affecting filezilla-project.
- CVE-2019-25683: FileZilla 3.40.0 Denial of Service via Local Search (score 6.2)
- CVE-2023-53959: FileZilla Client 3.63.1 DLL Hijacking via Missing TextShaping.dll (score 9.8)
- CVE-2024-31497: In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especia... (score 5.9)
- CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (fr... (score 5.9)
- CVE-2016-15003: FileZilla Client Installer uninstall.exe unquoted search path (score 6.3)
- CVE-2015-10003: FileZilla Server PORT confused deputy (score 4.3)
- CVE-2022-29620: FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump. NOTE: the vendor does not consider this a vulnerability (score 6.5)
- CVE-2019-5429: Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory. (score 7.8)
- CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a... (score 7.4)
- CVE-2014-0160: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from proces... (KEV, score 7.5)
- CVE-2009-0884: Buffer overflow in FileZilla Server before 0.9.31 allows remote attackers to cause a denial of service via unspecified vectors related to SSL/TLS packets. (score 4.3)
- CVE-2006-6565: FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference... (score 4.0)
- CVE-2005-0851: FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression), allows remote attackers to cause a denial of service (infinite loop) via certain file uploads or directory listings. (score 5.0)
- CVE-2005-0850: FileZilla FTP server before 0.9.6 allows remote attackers to cause a denial of service via a request for a filename containing an MS-DOS device name such as CON, NUL, COM1, LPT1, and others. (score 5.0)