Lucene search

13 matches found

Vulnrichment
added 2026/06/04 6:17 a.m. · 8 views

CVE-2026-49193 Publicly Readable AWS S3 Telemetry Buckets

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7 CVSS · 5.8 AI score · 0.00245 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/03/26 3:2 p.m. · 5 views

CVE-2026-32101

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized function is declared async (returns Promise) but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in...

7.6 CVSS · 5.8 AI score · 0.00183 EPSS
Exploits 1 · References 1
NVD
added 2026/03/18 4:17 a.m. · 5 views

CVE-2026-32265

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

6.9 CVSS · 0.00344 EPSS
Exploits 0 · References 2
vulnersOsv
added 2026/02/17 9:30 p.m. · 6 views

@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.8), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +1093 more potentially affected by CVE-2026-26278 via fast-xml-parser (>=5.0.1 <=5.3.5)

fast-xml-parser NPM version =5.0.1, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.7.1 and more Source cves: CVE-2026-26278 Source advisory: SNYK:JS-FASTXMLPARSER-15307668...

7.5 CVSS · 7.2 AI score · 0.00589 EPSS
Exploits 1
Veracode
added 2025/12/13 4:48 a.m. · 5 views

Information Disclosure

Jenkins Git Client Plugin is vulnerable to an Information Disclosure. The vulnerability is due to differential form validation behavior, where Git URL validation responses vary based on whether an attacker-specified file path exists on the Jenkins controller when using the amazon-s3 protocol,...

4.3 CVSS · 6.9 AI score · 0.00288 EPSS
Exploits 0 · References 4 · Affected Software 1
Fedora
added 2025/12/03 1:12 a.m. · 10 views

[SECURITY] Fedora 42 Update: restic-0.18.1-1.fc42

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory; sftp server via SSH; HTTP REST server protocol, rest-server; Amazon S3 either from Amazon or using the Minio server; OpenStack Swift; BackBlaze B2; Microsoft Azure Blob Storage...

7.5 CVSS · 7 AI score · 0.00586 EPSS
Exploits 1
SUSE Linux
added 2025/08/12 12:45 p.m. · 3 views

Security update for eclipse-jgit

This update for eclipse-jgit fixes the following issues: CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class (bsc#1243647). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternativel...

4.8 CVSS · 7 AI score · 0.0108 EPSS
Exploits 1 · References 4
CNNVD
added 2025/06/26 12:0 a.m. · 2 views

git-annex security vulnerability

git-annex is an open source tool for managing large files in Git repositories. A security vulnerability exists in git-annex versions prior to 3.20121126 through 5.20140919, which stems from unencrypted storage of AWS credentials embedded in S3 and Glacier remote storage...

7.5 CVSS · 6.5 AI score · 0.00153 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/07/15 12:0 a.m. · 5 views

PT-2022-20574 · Amazon +1 · Aws Sdk For Java +1

Name of the Vulnerable Software and Affected Versions: AWS SDK for Java versions prior to 1.12.261 Description: A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java. This issue allows a knowledgeable actor to...

7.9 CVSS · 7.6 AI score · 0.01074 EPSS
Exploits 1 · References 12
CNNVD
added 2022/06/09 12:0 a.m. · 2 views

django-s3file path traversal vulnerability

django-s3file is a lightweight file upload input for Django and Amazon S3. A path traversal vulnerability exists in django-s3file versions prior to 5.5.1, which stems from the fact that django-s3file can traverse the entire AWS S3 storage bucket and in most cases access or delete files...

9.8 CVSS · 8.2 AI score · 0.01889 EPSS
Exploits 1 · References 5
OSV
added 2020/06/19 5:15 p.m. · 2 views

UBUNTU-CVE-2020-8162

A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...

7.5 CVSS · 7.1 AI score · 0.03065 EPSS
Exploits 1 · References 4
OSV
added 2020/04/23 3:15 p.m. · 1 views

DEBIAN-CVE-2020-1760

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input...

6.1 CVSS · 6.6 AI score · 0.01525 EPSS
Exploits 0 · References 1
OSV
added 2020/02/12 3:15 p.m. · 2 views

CVE-2020-2114

Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...

7.5 CVSS · 5.8 AI score · 0.01077 EPSS
Exploits 0 · References 2