
1042 matches found

ATTACKERKB
added 2026/03/26 10:40 p.m. | 4 views

CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by a user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

CVSS 6.5 | AI score 5.8 | EPSS 0.00385
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/03/26 10:40 p.m. | 3 views

CVE-2026-33743 Incus vulnerable to denial of source through crafted bucket backup file

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by a user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

CVSS 6.5 | AI score 5.8 | EPSS 0.00385
Exploits: 1 | References: 3
RedhatCVE
added 2026/03/26 3:17 p.m. | 4 views

CVE-2026-32266

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

CVSS 6.9 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:10 p.m. | 6 views

CVE-2026-32265

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

CVSS 6.9 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:3 p.m. | 6 views

CVE-2026-32268

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

CVSS 8.7 | AI score 5.8 | EPSS 0.00348
Exploits: 0 | References: 1
CNNVD
added 2026/03/26 12:0 a.m. | 7 views

Incus Security Vulnerability

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 6.23.0 contained security vulnerabilities; these vulnerabilities stemmed from the exploitation of specially crafted bucket backups, which could lead to denial-of-service attacks...

CVSS 6.5 | AI score 5.8 | EPSS 0.00385
Exploits: 1 | References: 2
Veracode
added 2026/03/25 8:50 a.m. | 6 views

Missing Cryptographic Key Commitment

aws/aws-sdk-php is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper handling of encrypted data keys when stored in instruction files instead of S3 metadata, which allows an attacker with write access to the S3 bucket to introduce a malicious EDK that decryp...

CVSS 6 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 7 | Affected Software: 1
SUSE CVE
added 2026/03/25 12:26 a.m. | 4 views

SUSE CVE-2026-27969

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest - which may be files that they have also...

CVSS 9.3 | AI score 6 | EPSS 0.00402
Exploits: 0 | References: 3
Veracode
added 2026/03/24 10:58 a.m. | 8 views

Missing Cryptographic Key Commitment

github.com/aws/amazon-s3-encryption-client-go is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of metadata, which allows an attacker with write access to the S3 bucket to introduc...

CVSS 6 | AI score 7.3 | EPSS 0.00094
Exploits: 0 | References: 6 | Affected Software: 1
Veracode
added 2026/03/24 8:47 a.m. | 12 views

Missing Cryptographic Key Commitment

software.amazon.encryption.s3, amazon-s3-encryption-client-java is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of metadata, which allows an attacker with write access to the S3...

CVSS 6 | AI score 5.8 | EPSS 0.00103
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/03/20 11:0 p.m. | 23 views

CVE-2026-33221 Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type,...

CVSS 2.1 | EPSS 0.00173
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/20 11:0 p.m. | 5 views

CVE-2026-33221

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type,...

CVSS 2.1 | AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2026/03/20 11:0 p.m. | 11 views

CVE-2026-33221

CVE-2026-33221 affects the Nhost storage upload component. Before v0.12.0, the storage service trusts the client-provided Content-Type header and does not perform server-side MIME type detection, enabling an attacker to upload files with arbitrary MIME types and bypass MIME-type-based bucket rest...

CVSS 5.3 | AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2026/03/18 6:16 a.m. | 3 views

CVE-2026-32268

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

CVSS 8.7 | EPSS 0.00348
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/18 4:53 a.m. | 3 views

CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

CVSS 8.7 | AI score 5.8 | EPSS 0.00348
Exploits: 0 | References: 2
Cvelist
added 2026/03/18 4:53 a.m. | 33 views

CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

CVSS 8.7 | EPSS 0.00348
Exploits: 0 | References: 2
CVE
added 2026/03/18 4:53 a.m. | 10 views

CVE-2026-32268

CVE-2026-32268 concerns the Azure Blob Storage for Craft CMS plugin. In 2.x releases before 2.1.1, unauthenticated users can view a list of buckets the plugin can access through the DefaultController->actionLoadContainerData() endpoint when presenting a valid CSRF token. This can disclose sens...

CVSS 8.7 | AI score 5.8 | EPSS 0.00348
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/18 4:53 a.m. | 2 views

CVE-2026-32268

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

CVSS 8.7 | AI score 5.8 | EPSS 0.00348
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/03/18 4:53 a.m. | 8 views

CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

CVSS 8.7 | AI score 5.9 | EPSS 0.00348
Exploits: 0 | References: 4
NVD
added 2026/03/18 4:17 a.m. | 4 views

CVE-2026-32266

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

CVSS 6.9 | EPSS 0.00344
Exploits: 0 | References: 2