Lucene search
K

32 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.12 views

CVE-2026-42759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 2:39 p.m.10 views

CVE-2026-44308

Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pplications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did n...

6.3CVSS5.8AI score0.00179EPSS
Exploits0References2Affected Software2
Fedora
Fedora
added 2026/05/11 1:2 a.m.12 views

[SECURITY] Fedora 43 Update: rclone-1.74.0-2.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.8CVSS5.8AI score0.34734EPSS
Exploits3
Securelist
Securelist
added 2026/05/04 10:0 a.m.11 views

“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security

Introduction The primary goal for attackers in a phishing campaign is to bypass email security and trick the potential victim into revealing their data. To achieve this, scammers employ a wide range of tactics, from redirect links to QR codes. Additionally, they heavily rely on legitimate sources...

5.8AI score
Exploits0
Akamai Blog
Akamai Blog
added 2026/04/07 1:0 p.m.6 views

Scale Smarter: A Practical Guide to Building with Akamai Object Storage

Akamai Object Storage provides high-performance, cost-effective Amazon S3–compatible object storage. Here's what it's used for and how to set it up...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/02 10:55 p.m.5 views

CVE-2026-34750

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...

6.5CVSS5.8AI score0.00341EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/27 12:31 a.m.4 views

EUVD-2026-16424

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 9:5 a.m.4 views

BIT-CEPH-2020-1760

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input...

6.1CVSS6.7AI score0.01525EPSS
Exploits0References8
OSV
OSV
added 2026/03/10 6:28 p.m.4 views

GO-2026-4591 Rancher Backup Operator pod's logs leak S3 tokens in github.com/rancher/backup-restore-operator

Rancher Backup Operator pod's logs leak S3 tokens in github.com/rancher/backup-restore-operator. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabili...

6.8CVSS5.8AI score0.0034EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.6 views

PT-2026-7651

Name of the Vulnerable Software and Affected Versions Statping-ng version 0.91.0 Description An issue allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon sns, and export API endpoints. Recommendations Apply updates to address the issu...

7.5CVSS5.4AI score0.00494EPSS
Exploits1References8
OSV
OSV
added 2026/02/02 8:42 a.m.2 views

BIT-DISCOURSE-2025-66488 Discourse allows script execution in uploaded HTML/XML files on S3

Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/CDN domain, with no site credentials...

6.1CVSS5.3AI score0.00174EPSS
Exploits0References2
NVD
NVD
added 2025/12/17 9:15 p.m.5 views

CVE-2025-14764

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...

6CVSS0.00094EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/17 8:20 p.m.3 views

CVE-2025-14764

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...

6CVSS6.4AI score0.00094EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.4 views

Amazon S3 Encryption Client 安全漏洞

Amazon S3 Encryption Client is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client that stems from a lack of encryption key promises, which could cause a user with write access to an S3 storage bucket to introduce a...

6CVSS6.4AI score0.00103EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-40064

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00382EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-43649

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00672EPSS
Exploits1References3
CNVD
CNVD
added 2025/07/23 12:0 a.m.4 views

WordPress SMTP for Amazon SES SQL Injection Vulnerability

WordPress SMTP for Amazon SES is a plugin or configuration solution for sending emails via Amazon Simple Email Service in WordPress sites. WordPress SMTP for Amazon SES suffers from a SQL injection vulnerability that stems from improper input neutralization, and no detailed vulnerability details...

7.6CVSS8.2AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:17 a.m.6 views

CVE-2015-9506

The Easy Digital Downloads EDD Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

6.1CVSS6.3AI score0.00923EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/03/03 5:26 p.m.32 views

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

Threat actors are targeting Amazon Web Services AWS environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 short for a threat group with...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2025/02/22 12:0 a.m.3 views

WordPress plugin SMTP for Amazon SES 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

7.2CVSS8.2AI score0.00459EPSS
Exploits0References6
Rows per page
Query Builder