Lucene search
K

1037 matches found

NVD
NVD
added 2026/03/18 4:17 a.m.5 views

CVE-2026-32265

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

6.9CVSS0.00344EPSS
Exploits0References2
CVE
CVE
added 2026/03/18 3:46 a.m.8 views

CVE-2026-32266

The CVE concerns the Google Cloud Storage for Craft CMS plugin (Craft CMS). On the 2.x branch, versions prior to 2.2.1 expose information via DefaultController->actionLoadBucketData() such that unauthenticated users with a valid CSRF token can view the list of buckets the plugin can access. Th...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/18 3:46 a.m.2 views

CVE-2026-32266

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/18 3:46 a.m.2 views

CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References2
OSV
OSV
added 2026/03/18 3:46 a.m.5 views

CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

6.9CVSS5.9AI score0.00344EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/18 3:28 a.m.6 views

CVE-2026-32265

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/18 3:28 a.m.4 views

CVE-2026-32265 Amazon S3 for Craft CMS has an Information Disclosure vulnerability

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/18 3:28 a.m.31 views

CVE-2026-32265 Amazon S3 for Craft CMS has an Information Disclosure vulnerability

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

6.9CVSS0.00344EPSS
Exploits0References2
CVE
CVE
added 2026/03/18 3:28 a.m.15 views

CVE-2026-32265

Summary (CVE-2026-32265) : The Craft CMS AWS S3 plugin (craftcms/aws-s3) versions 2.0.2–2.2.4 expose an information-disclosure flaw. The endpoint BucketsController->actionLoadBucketData() permits unauthenticated users who provide a valid CSRF token to view the bucket list the plugin can access...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References2
OSV
OSV
added 2026/03/18 3:28 a.m.5 views

CVE-2026-32265 Amazon S3 for Craft CMS has an Information Disclosure vulnerability

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

6.9CVSS5.9AI score0.00344EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.7 views

Google Cloud Storage for Craft CMS 信息泄露漏洞

Google Cloud Storage for Craft CMS is an open-source cloud storage integration plugin for Craft CMS. Versions of Google Cloud Storage for Craft CMS prior to version 2.2.1 had a vulnerability related to information leakage. This vulnerability stemmed from improper access control at the...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.9 views

Amazon S3 for Craft CMS 信息泄露漏洞

Amazon S3 for Craft CMS is an open-source file storage integration plugin for Craft CMS. Versions of Amazon S3 for Craft CMS 2.2.4 and earlier have a vulnerability known as information leakage. This vulnerability stems from improper access control at the BucketsController-actionLoadBucketData...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/16 6:44 p.m.10 views

Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Because Azure can return sensitive data in error...

8.7CVSS5.8AI score0.00348EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/03/16 6:44 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the actionLoadContainerData endpoint. An attacker can access sensitive bucket information by sending unauthenticated requests with a valid CSRF token. Because error messages may also reveal sensitive data,...

8.7CVSS5.8AI score0.00348EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 6:44 p.m.4 views

GHSA-Q6FM-P73F-X862 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Because Azure can return sensitive data in error...

8.7CVSS5.8AI score0.00348EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/16 6:14 p.m.10 views

Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability

Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.1 of the plugin to...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/16 6:14 p.m.4 views

GHSA-67CR-JMH8-4JPQ Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability

Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.1 of the plugin to...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/16 6:13 p.m.8 views

Amazon S3 for Craft CMS has an Information Disclosure vulnerability

Unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.5 of the plugin to...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/03/16 6:13 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the BucketsController-actionLoadBucketData endpoint. An attacker can retrieve a list of accessible buckets by sending a request with a valid CSRF token, even without authentication. Remediation Upgrade...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 6:3 p.m.29 views

CVE-2026-4269 Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit

A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before...

7.5CVSS0.00242EPSS
Exploits0References2
Rows per page
Query Builder