CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/05/31 1:32 a.m.•17 views

SUSE CVE-2026-48501

GitHub CLI gh is GitHub's official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

9.1CVSS5.8AI score0.00267EPSS

Exploits0References3

OSV•added 2026/05/29 3:30 p.m.•7 views

GHSA-8XVP-7HJ6-MCJ9 GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands

Summary GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. Affected users: - Authenticated github.com users who previously ran gh attestation commands, gh release verify, or...

7.4CVSS5.9AI score0.00267EPSS

Cvelist•added 2026/05/29 3:14 p.m.•34 views

CVE-2026-48501 GitHub CLI tokens leak via `gh attestation` commands

GitHub CLI gh is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

7.4CVSS0.00267EPSS

OSV•added 2026/05/22 1:45 p.m.•6 views

MAL-2026-4677 Malicious code in swift-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c54f35da6df5cef65715d49fb7942aff442ee9a0cb486862031e5009277db3a On npm install, [email protected] runs scripts/install-binary.js as a postinstall hook. The script is a hand-rolled JavaScript bytecode VM 123 KB...

5.9AI score

OSV•added 2026/05/20 2:6 p.m.•6 views

MAL-2026-4367 Malicious code in @bcrumbs.net/bc-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4bd9ccff2d027c9982ab41ff4b4417e62475e70aba04212794f267030f63ab0 The exported BCChat React component embeds a hardcoded Azure Blob SAS URL https://bcuserres.blob.core.windows.net/anonymous with a long-lived SAS tok...

5.8AI score

Fedora•added 2026/05/11 1:2 a.m.•10 views

[SECURITY] Fedora 43 Update: rclone-1.74.0-2.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.8CVSS5.8AI score0.35437EPSS

Exploits2

Fedora•added 2026/05/10 2:55 a.m.•8 views

[SECURITY] Fedora 44 Update: rclone-1.74.0-2.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.8CVSS5.8AI score0.35437EPSS

Exploits2

RedhatCVE•added 2026/03/26 3:3 p.m.•5 views

CVE-2026-32268

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

NVD•added 2026/03/18 6:16 a.m.•3 views

CVE-2026-32268

8.7CVSS0.00348EPSS

Vulnrichment•added 2026/03/18 4:53 a.m.•3 views

CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

Cvelist•added 2026/03/18 4:53 a.m.•33 views

CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

8.7CVSS0.00348EPSS

ATTACKERKB•added 2026/03/18 4:53 a.m.•2 views

CVE-2026-32268

Exploits0References3Affected Software1

CVE•added 2026/03/18 4:53 a.m.•8 views

CVE-2026-32268

CVE-2026-32268 concerns the Azure Blob Storage for Craft CMS plugin. In 2.x releases before 2.1.1, unauthenticated users can view a list of buckets the plugin can access through the DefaultController->actionLoadContainerData() endpoint when presenting a valid CSRF token. This can disclose sens...

OSV•added 2026/03/18 4:53 a.m.•7 views

CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

8.7CVSS5.9AI score0.00348EPSS

CNNVD•added 2026/03/18 12:0 a.m.•6 views

Azure Blob Storage for Craft CMS 安全漏洞

Azure Blob Storage for Craft CMS is an open-source cloud storage integration plugin for Craft CMS. Versions of Azure Blob Storage for Craft CMS prior to version 2.1.1 contained security vulnerabilities. These vulnerabilities stemmed from improper access control at the...

Github Security Blog•added 2026/03/16 6:44 p.m.•8 views

Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Because Azure can return sensitive data in error...

Exploits0References4Affected Software1

OSV•added 2026/03/16 6:44 p.m.•3 views

GHSA-Q6FM-P73F-X862 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

Snyk•added 2026/03/16 6:44 p.m.•2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the actionLoadContainerData endpoint. An attacker can access sensitive bucket information by sending unauthenticated requests with a valid CSRF token. Because error messages may also reveal sensitive data,...