CVE-2026-32265
The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...
CVE-2026-32266
The CVE concerns the Google Cloud Storage for Craft CMS plugin (Craft CMS). On the 2.x branch, versions prior to 2.2.1 expose information via DefaultController->actionLoadBucketData() such that unauthenticated users with a valid CSRF token can view the list of buckets the plugin can access. Th...
CVE-2026-32266
The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...
CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability
The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...
CVE-2026-32265 Amazon S3 for Craft CMS has an Information Disclosure vulnerability
The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...
CVE-2026-32265
Summary (CVE-2026-32265): The Craft CMS AWS S3 plugin (craftcms/aws-s3) versions 2.0.2–2.2.4 expose an information-disclosure flaw. The endpoint BucketsController->actionLoadBucketData() permits unauthenticated users who provide a valid CSRF token to view the bucket list the plugin can access...
Google Cloud Storage for Craft CMS Information Disclosure Vulnerability
Google Cloud Storage for Craft CMS is an open-source cloud storage integration plugin for Craft CMS. Versions of Google Cloud Storage for Craft CMS prior to version 2.2.1 had a vulnerability related to information leakage. This vulnerability stemmed from improper access control at the...
Amazon S3 for Craft CMS Information Disclosure Vulnerability
Amazon S3 for Craft CMS is an open-source file storage integration plugin for Craft CMS. Versions of Amazon S3 for Craft CMS 2.2.4 and earlier have an information leakage vulnerability. This vulnerability stems from improper access control at the BucketsController-actionLoadBucketData...
Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability
Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Because Azure can return sensitive data in error...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the actionLoadContainerData endpoint. An attacker can access sensitive bucket information by sending unauthenticated requests with a valid CSRF token. Because error messages may also reveal sensitive data,...
GHSA-Q6FM-P73F-X862 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability
Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Because Azure can return sensitive data in error...
Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability
Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.1 of the plugin to...
GHSA-67CR-JMH8-4JPQ Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability
Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.1 of the plugin to...
Amazon S3 for Craft CMS has an Information Disclosure vulnerability
Unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.5 of the plugin to...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the BucketsController-actionLoadBucketData endpoint. An attacker can retrieve a list of accessible buckets by sending a request with a valid CSRF token, even without authentication. Remediation: Upgrade...
CVE-2026-4269 Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before...