CVE-2026-44403

< 8.1.3

Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism

7.2HIGH

CVE-2020-37079

< 6.2.7

Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interf

4.3MEDIUM

CVE-2019-25267

all versions

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary

7.8HIGH

CVE-2020-37032

all versions

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users

8.8HIGH

CVE-2025-47813

< 7.4.4

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value

4.3MEDIUM

CVE-2025-47812

< 7.4.4

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrar

10.0CRITICAL

CVE-2025-47811

< 7.4.4

In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by d

4.1MEDIUM

CVE-2025-27889

< 7.4.4

Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing

3.4LOW

CVE-2025-5196

< 7.4.4

A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unk

6.6MEDIUM

CVE-2023-37881

<= 7.2.0

Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation.This issue affects Wing FTP Server: <= 7

4.9MEDIUM

CVE-2023-37879

<= 7.2.0

Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information elicitation.This issue affects W

6.5MEDIUM

CVE-2023-37878

<= 7.2.0

Insecure default permissions in Wing FTP Server (Admin Web Client) allows for privilege escalation.This issue affects Wing FTP Ser

6.1MEDIUM

CVE-2023-37875

<= 7.2.0

Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS).This issue affects

3.0LOW

CVE-2020-27735

all versions

An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, l

6.1MEDIUM

CVE-2020-9470

<= 6.2.5

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies,

7.8HIGH

CVE-2020-8635

all versions

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files

7.8HIGH

CVE-2020-8634

all versions

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management i

7.8HIGH

CVE-2015-4108

<= 4.4.6

Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the au

CVE-2012-4729

<= 4.0.9

Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands.

CVE-2010-2428

<= 3.5.0

Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3