Lucene search
K

35 matches found

Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-57441

Name of the Vulnerable Software and Affected Versions Parse Server versions 9.0.0 through 9.10.0-alpha.1 Parse Server versions 8.x through 8.6.83 Description A stored cross-site scripting XSS issue exists when the software fails to recognize an uploaded file's extension via the mime package,...

2.1CVSS6AI score0.00245EPSS
Exploits0References8
OSV
OSV
added 2026/06/30 11:39 p.m.8 views

BIT-GHOST-2026-53948 Ghost: File Upload Content-Type Spoofing

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage backends. On...

5.4CVSS5.5AI score0.00133EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 8:36 p.m.29 views

CVE-2026-50136

Budibase prior to version 3.39.3 exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The /api/attachments/:datasourceId/url route is protected only by recaptcha, allowing a caller with workspace and S3 datasource IDs t...

7.4CVSS5.8AI score0.0029EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52072

Name of the Vulnerable Software and Affected Versions Ghost versions 6.19.4 through 6.21.0 Description Insufficient validation of the client-supplied Content-Type on the Admin API file upload endpoint allows uploaded files to be served with an attacker-chosen content type when using S3 or GCS...

5.4CVSS5.5AI score0.00133EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/04 6:17 a.m.9 views

CVE-2026-49193 Publicly Readable AWS S3 Telemetry Buckets

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/09 3:48 a.m.13 views

EUVD-2026-28893

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

8.5CVSS5.7AI score0.00357EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/04 8:12 p.m.10 views

Argo vulnerable to exposure of artifact repository credentials

Summary The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...

8.5CVSS7.3AI score0.00357EPSS
Exploits1References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.8 views

CVE-2026-32101

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized function is declared async returns Promise but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in...

7.6CVSS5.8AI score0.00183EPSS
Exploits1References1
NVD
NVD
added 2026/03/18 4:17 a.m.7 views

CVE-2026-32265

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

6.9CVSS0.00344EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.10 views

PT-2026-24112

Name of the Vulnerable Software and Affected Versions Camaleon CMS versions 2.4.5.0 through 2.9.0 Description Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, have a path traversal issue in the AWS S3 uploader implementation. Authenticated users can read arbitrary files from...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References13
vulnersOsv
vulnersOsv
added 2026/02/17 9:30 p.m.8 views

@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.9), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +1095 more potentially affected by CVE-2026-26278 via fast-xml-parser (>=5.0.1 <=5.3.5)

fast-xml-parser NPM version =5.0.1, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.7.1 and more Source cves: CVE-2026-26278 Source advisory: SNYK:JS-FASTXMLPARSER-15307668...

7.5CVSS5.7AI score0.00811EPSS
Exploits1
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.14 views

Amazon S3 Encryption Client 安全漏洞

Amazon S3 Encryption Client is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client that stems from a lack of encryption key promises, which could cause a user with write access to an S3 storage bucket to introduce a...

6CVSS6.4AI score0.00094EPSS
Exploits0References4
Veracode
Veracode
added 2025/12/13 4:48 a.m.6 views

Information Disclosure

Jenkins Git Client Plugin is vulnerable to an Information Disclosure. The vulnerability is due to differential form validation behavior, where Git URL validation responses vary based on whether an attacker-specified file path exists on the Jenkins controller when using the amazon-s3 protocol,...

4.3CVSS6.9AI score0.00288EPSS
Exploits0References4Affected Software1
Fedora
Fedora
added 2025/12/03 1:40 a.m.16 views

[SECURITY] Fedora 41 Update: restic-0.18.1-1.fc41

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

7.5CVSS7AI score0.00626EPSS
Exploits1
Fedora
Fedora
added 2025/12/03 1:12 a.m.16 views

[SECURITY] Fedora 42 Update: restic-0.18.1-1.fc42

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

7.5CVSS7AI score0.00626EPSS
Exploits1
Fedora
Fedora
added 2025/12/03 12:59 a.m.12 views

[SECURITY] Fedora 43 Update: restic-0.18.1-1.fc43

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

7.5CVSS7AI score0.00626EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-4949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the...

6.8CVSS6.8AI score0.0104EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2025/08/12 12:45 p.m.3 views

Security update for eclipse-jgit

This update for eclipse-jgit fixes the following issues: CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class bsc1243647. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternativel...

4.8CVSS7AI score0.0104EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.5 views

git-annex 安全漏洞

git-annex is a git-annex open source tool for managing large files in Git repositories. A security vulnerability exists in git-annex versions prior to 3.20121126 through 5.20140919, which stems from unencrypted storage of AWS credentials embedded in S3 and Glacier remote storage...

7.5CVSS6.5AI score0.00153EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:52 a.m.7 views

CVE-2023-22735

Zulip is an open-source team collaboration tool. In versions of zulip prior to commit 2f6c5a8 but after commit 04cf68b users could upload files with arbitrary Content-Type which would be served from the Zulip hostname with Content-Disposition: inline and no Content-Security-Policy header, allowin...

4.6CVSS7AI score0.00515EPSS
Exploits0References1
Rows per page
Query Builder