58 matches found
GHSA-GVRM-XH5G-W8V6 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-aws, linux-qemu, linux-qemu-melange, linux-azure, linux-vmware...
GHSA-WFX4-V2WF-4GMP vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-aws, linux-qemu, linux-qemu-melange, linux-azure, linux-vmware...
GHSA-MRV3-46FP-R6HH vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-aws, linux-qemu, linux-qemu-melange, linux-azure, linux-vmware...
CVE-2026-53216 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-aws, linux-qemu, linux-qemu-melange, linux-azure, linux-vmware...
CVE-2026-53203 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-aws, linux-qemu, linux-qemu-melange, linux-azure, linux-vmware...
CVE-2026-31600 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-aws, linux-qemu, linux-azure, linux-vmware...
GHSA-4GX5-8RX4-VXMJ vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-aws, linux-qemu, linux-azure, linux-vmware...
UBUNTU-CVE-2026-33551
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
GHSA-WGXF-R68R-7W9H vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-aws, linux-qemu, linux-azure, linux-vmware...
GHSA-G4VW-3HQ5-Q7GR vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-aws, linux-qemu, linux-azure, linux-vmware...
CVE-2025-38205 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-aws, linux-qemu, linux-azure, linux-vmware...
CVE-2026-23226 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-aws, linux-qemu, linux-azure, linux-vmware...
CVE-2026-23210 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-aws, linux-qemu, linux-azure, linux-vmware...
EUVD-2026-18019
Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints...
CVE-2026-34750
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...
CLEANSTART-2026-ZW38648 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-p77j-4mvh-x3m3 applied in versions: 1.12.2-r2, 1.12.2-r3
Multiple security vulnerabilities affect the velero-plugin-for-aws package. These issues are resolved in later releases. See references for individual vulnerability details...
Incorrect Authorization
Overview @studiocms/s3-storage is an Add S3 Storage Support into your StudioCMS project. Affected versions of this package are vulnerable to Incorrect Authorization via the S3ApiService POST/PUT handlers in the S3 storage manager. An attacker can gain full S3 file management upload, delete, renam...
CVE-2026-1776 Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
EUVD-2026-9265
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...
CVE-2023-52904 vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-vmware, linux-qemu-melange...