12 matches found
EUVD-2026-29104
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
CVE-2026-33359
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
CVE-2026-33359
Meari IoT Cloud uses Alibaba OSS for alert image storage; motion snapshots can be retrieved without authentication, signed URLs, or expiry enforcement. This affects motion alert images exposed as direct object references, with URLs remaining valid beyond expected windows. Root cause is lack of ac...
CVE-2026-33359 Meari unauthenticated alert image access in cloud object storage
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
Argo vulnerable to exposure of artifact repository credentials
Summary The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...
CVE-2025-2394
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...
CVE-2025-2394
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...
CVE-2025-2394 Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...
CVE-2025-2394 Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...
CVE-2025-2394
CVE-2025-2394 affects Ecovacs Home mobile apps (Android and iOS) up to version 3.3.0. The root cause is embedded Alibaba OSS access keys and secrets within the app, enabling potential sensitive data disclosure. The accompanying PT-2025-22570 advisory recommends removing or securely storing embedd...
PT-2025-22570 · Ecovacs · Ecovacs Home
Name of the Vulnerable Software and Affected Versions: Ecovacs Home Android and iOS Mobile Applications versions up to 3.3.0 Description: The issue concerns the disclosure of sensitive data due to embedded access keys and secrets for Alibaba Object Storage Service OSS in the Ecovacs Home mobile...
ECOVACS HOME 安全漏洞
ECOVACS HOME is a smart home management software from ECOVACS, China. A security vulnerability exists in ECOVACS HOME 3.3.0 and prior versions, which originates from embedding Alibaba Object Storage Service access keys and secrets, which could lead to sensitive data leakage...