Lucene search
K

62 matches found

Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-57441

Name of the Vulnerable Software and Affected Versions Parse Server versions 9.0.0 through 9.10.0-alpha.1 Parse Server versions 8.x through 8.6.83 Description A stored cross-site scripting XSS issue exists when the software fails to recognize an uploaded file's extension via the mime package,...

2.1CVSS6AI score0.00245EPSS
Exploits0References8
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-784 Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library

Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...

4.7CVSS6.4AI score0.00521EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/03 12:31 a.m.10 views

EUVD-2026-41465

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS5.8AI score0.00359EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 12:16 a.m.8 views

CVE-2026-55726

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS0.00359EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 11:49 p.m.63 views

CVE-2026-55726 Gardyn IoT Hub Exposure of Sensitive System Information to an Unauthorized Control Sphere

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS0.00359EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 11:49 p.m.17 views

CVE-2026-55726

CVE-2026-55726 concerns Gardyn IoT Hub: the Azure Blob Storage container used for device logs is publicly listable without authentication, enabling access to any device log file in that container. The root cause is a misconfiguration of storage permissions, exposing logs to unauthenticated users....

6.9CVSS5.8AI score0.00359EPSS
Exploits0References3
Fedora
Fedora
added 2026/07/02 1:12 a.m.9 views

[SECURITY] Fedora 43 Update: rclone-1.74.3-1.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00533EPSS
Exploits1
Fedora
Fedora
added 2026/07/02 1:11 a.m.9 views

[SECURITY] Fedora 44 Update: rclone-1.74.3-1.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00533EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 9:15 p.m.10 views

Malicious code in electron-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7faf51a6c9d6ed9fce8cf9de9ea8afee0e9c3dc1fb254e8cd0c3c2a8ca61323f On require'electron-orbit', the module unconditionally fires an auto-prefetch pipeline in Node contexts when no document is present that opens a raw...

5.8AI score
Exploits0References32
OSV
OSV
added 2026/07/01 9:15 p.m.7 views

MAL-2026-6723 Malicious code in electron-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7faf51a6c9d6ed9fce8cf9de9ea8afee0e9c3dc1fb254e8cd0c3c2a8ca61323f On require'electron-orbit', the module unconditionally fires an auto-prefetch pipeline in Node contexts when no document is present that opens a raw...

5.8AI score
Exploits0References32
Fedora
Fedora
added 2026/06/19 1:1 a.m.17 views

[SECURITY] Fedora 44 Update: restic-0.19.0-1.fc44

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

9.8CVSS5.3AI score0.34734EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/06/08 8:59 p.m.16 views

CVE-2026-48501

A flaw was found in GitHub CLI. The tool incorrectly includes authorization headers in API requests to TUF repository mirrors when using commands such as gh attestation, gh release verify, and gh release verify-asset. This issue occurs because the shared HTTP client's authentication layer lacks...

9.1CVSS5.9AI score0.00289EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/31 1:32 a.m.21 views

SUSE CVE-2026-48501

GitHub CLI gh is GitHub's official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

9.1CVSS5.8AI score0.00289EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 3:30 p.m.8 views

GHSA-8XVP-7HJ6-MCJ9 GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands

Summary GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. Affected users: - Authenticated github.com users who previously ran gh attestation commands, gh release verify, or...

7.4CVSS5.9AI score0.00289EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 3:14 p.m.40 views

CVE-2026-48501 GitHub CLI tokens leak via `gh attestation` commands

GitHub CLI gh is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

7.4CVSS0.00289EPSS
Exploits0References1
OSV
OSV
added 2026/05/22 1:45 p.m.10 views

MAL-2026-4677 Malicious code in swift-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c54f35da6df5cef65715d49fb7942aff442ee9a0cb486862031e5009277db3a On npm install, [email protected] runs scripts/install-binary.js as a postinstall hook. The script is a hand-rolled JavaScript bytecode VM 123 KB...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/20 2:6 p.m.8 views

MAL-2026-4367 Malicious code in @bcrumbs.net/bc-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4bd9ccff2d027c9982ab41ff4b4417e62475e70aba04212794f267030f63ab0 The exported BCChat React component embeds a hardcoded Azure Blob SAS URL https://bcuserres.blob.core.windows.net/anonymous with a long-lived SAS tok...

5.8AI score
Exploits0References1
Fedora
Fedora
added 2026/05/11 1:2 a.m.13 views

[SECURITY] Fedora 43 Update: rclone-1.74.0-2.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.8CVSS5.8AI score0.34734EPSS
Exploits3
Fedora
Fedora
added 2026/05/10 2:55 a.m.12 views

[SECURITY] Fedora 44 Update: rclone-1.74.0-2.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.8CVSS5.8AI score0.34734EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.7 views

CVE-2026-32268

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

8.7CVSS5.8AI score0.00348EPSS
Exploits0References1
Rows per page
Query Builder