1037 matches found

Cvelist
added 2026/04/22 12:49 a.m. | 29 views

CVE-2026-40344 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

CVSS: 8.8 | EPSS: 0.00418
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/22 12:0 a.m. | 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013818)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013818 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htab_lock_bucket to userspace. In __htab_map_lookup_and_delete_batch if...

CVSS: 7.1 | AI score: 5.7 | EPSS: 0.00149
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/22 12:0 a.m. | 6 views

PT-2026-34559

Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-alpha.94 Description Four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a check permissions helper that validates authentication but fails to perform admin-action authorization...

CVSS: 8.3 | AI score: 5.2 | EPSS: 0.00293
Exploits: 0 | References: 8

CNNVD
added 2026/04/22 12:0 a.m. | 10 views

MinIO Authorization Issue Vulnerability

MinIO is an open-source object storage server developed by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions of MinIO from RELEASE.2023-05-18T00-05-36Z to RELEASE.2026-04-11T03-20-12Z containe...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00418
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/21 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011161)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011161 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htab_lock_bucket to userspace. In __htab_map_lookup_and_delete_batch if...

CVSS: 7.1 | AI score: 5.7 | EPSS: 0.00149
Exploits: 0 | References: 4

GithubExploit
added 2026/04/14 8:6 p.m. | 96 views

CloudStorageHunter-Pro

🔥 CloudStorageHunter-Pro 🚀 Ultimate Cloud Storage Security...

AI score: 5.9
Exploits: 0

Snyk
added 2026/04/14 12:4 a.m. | 3 views

Missing Authentication for Critical Function

Overview github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the PutObjectExtractHandler, PutObjectHandler, and PutObjectPartHandler function. An...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00418
Exploits: 0 | References: 3

EUVD
added 2026/04/13 3:31 p.m. | 1 views

EUVD-2026-21941

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del. mtype_del counts empty slots below n-pos in k, but it only drops the bucket when both n-pos and k are zero. This misses buckets whose live entries have all been removed...

AI score: 5.8 | EPSS: 0.00114
Exploits: 0 | References: 7

NVD
added 2026/04/13 2:16 p.m. | 5 views

CVE-2026-31418

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del. mtype_del counts empty slots below n-pos in k, but it only drops the bucket when both n-pos and k are zero. This misses buckets whose live entries have all been removed...

CVSS: 5.5 | EPSS: 0.00114
Exploits: 0 | References: 8

Cvelist
added 2026/04/13 1:21 p.m. | 26 views

CVE-2026-31418 netfilter: ipset: drop logically empty buckets in mtype_del

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del. mtype_del counts empty slots below n-pos in k, but it only drops the bucket when both n-pos and k are zero. This misses buckets whose live entries have all been removed...

EPSS: 0.00114
Exploits: 0 | References: 8

ATTACKERKB
added 2026/04/13 1:21 p.m. | 3 views

CVE-2026-31418

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del. mtype_del counts empty slots below n-pos in k, but it only drops the bucket when both n-pos and k are zero. This misses buckets whose live entries have all been removed...

AI score: 5.9 | EPSS: 0.00114
Exploits: 0 | References: 9 | Affected Software: 1

Positive Technologies
added 2026/04/13 12:0 a.m. | 5 views

PT-2026-32344

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue exists in the netfilter ipset component where the mtype_del function fails to drop logically empty buckets. The function counts empty slots below n-pos in k, but only drops the...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00114
Exploits: 0 | References: 36

Github Security Blog
added 2026/04/08 12:15 a.m. | 6 views

RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration

RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an attacker-controlled multipart upload and completing the upload. This breaks tenan...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00201
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/04/08 12:15 a.m. | 5 views

GHSA-MX42-J6WV-PX98 RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration

RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an attacker-controlled multipart upload and completing the upload. This breaks tenan...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00201
Exploits: 1 | References: 3

Vulnrichment
added 2026/04/07 6:58 p.m. | 2 views

CVE-2026-39360 RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration

RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00201
Exploits: 1 | References: 1

Cvelist
added 2026/04/07 6:58 p.m. | 18 views

CVE-2026-39360 RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration

RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an...

CVSS: 5.3 | EPSS: 0.00201
Exploits: 1 | References: 1

CVE
added 2026/04/07 6:58 p.m. | 18 views

CVE-2026-39360

RustFS contains an authorization bypass in the multipart copy path (UploadPartCopy) prior to alpha.90. A low-privileged user who cannot read objects from a victim bucket can exfiltrate victim objects by copying them into an attacker-controlled multipart upload and completing the upload, breaking ...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00201
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2026/04/07 2:58 p.m. | 1 views

GO-2026-4886 Incus vulnerable to denial of source through crafted bucket backup file in github.com/lxc/incus

Incus vulnerable to denial of source through crafted bucket backup file in github.com/lxc/incus...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00385
Exploits: 1 | References: 3

RedhatCVE
added 2026/03/31 10:59 a.m. | 3 views

CVE-2026-1612

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00392
Exploits: 0 | References: 1

EUVD
added 2026/03/30 12:32 p.m. | 6 views

EUVD-2026-17077

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00392
Exploits: 0 | References: 2