Lucene search
K

1037 matches found

Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25818

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

8.7CVSS5.8AI score0.00348EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.7 views

PT-2026-25817

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25843

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References7
NVD
NVD
added 2026/03/11 9:16 p.m.3 views

CVE-2026-32101

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized function is declared async returns Promise but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in...

7.6CVSS0.00183EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.4 views

CVE-2026-30917

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 5:40 p.m.2 views

CVE-2026-30917

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...

8.8CVSS0.00297EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.1 views

Vertex AI Experiments Bucket Squatting Defensive Scanner

The Vertex AI Bucket Squatting Defensive Scanner is a security assessment tool designed to detect potential Google Cloud Storage bucket hijacking risks related to predictable naming patterns in Vertex AI experiment workflows. Instead of exploiting the vulnerability, this defensive version perform...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.136 views

📄 Vertex AI Experiments 1.132.x Predictable Bucket Naming

A vulnerability identified as CVE-2026-2473 affected Google Cloud Vertex AI, specifically the Vertex AI Experiments component, in versions 1.21.0 through 1.132.x fixed in 1.133.0 and later. The issue stemmed from predictable Cloud Storage bucket naming patterns, enabling a class of attack known a...

7.7CVSS5.8AI score0.00438EPSS
Exploits1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.5 views

Bucket 跨站脚本漏洞

Bucket is a structured data storage extension for MediaWiki developed by Weird Gloop. Versions of Bucket prior to 2.1.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the PAGE type field containing stored cross-site scripts, which could allow malicious scripts to ...

8.8CVSS5.6AI score0.00297EPSS
Exploits0References4
CVE
CVE
added 2026/03/09 10:50 p.m.10 views

CVE-2026-30917

Bucket is a MediaWiki extension for structured data. Before version 2.1.1, there is a stored XSS in any Bucket table field with a PAGE type that executes when users view the corresponding Bucket namespace page. The issue is fixed in 2.1.1. Affected software: MediaWiki Bucket extension; vulnerable...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/09 10:50 p.m.2 views

CVE-2026-30917

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/09 10:50 p.m.38 views

CVE-2026-30917 Stored XSS on Bucket namespace pages

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...

8.8CVSS0.00297EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/09 10:50 p.m.2 views

CVE-2026-30917 Stored XSS on Bucket namespace pages

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/09 10:50 p.m.3 views

EUVD-2026-10427

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/09 10:50 p.m.5 views

EUVD-2026-10426

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References3
OSV
OSV
added 2026/03/09 10:50 p.m.4 views

CVE-2026-30917 Stored XSS on Bucket namespace pages

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...

8.8CVSS5.9AI score0.00297EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/09 1:20 p.m.2 views

CVE-2026-30827

A flaw was found in express-rate-limit. The default key generator incorrectly applies IPv6 subnet masking to IPv4-mapped IPv6 addresses, which are used when an IPv4 client connects to a dual-stack server. This misconfiguration causes all IPv4 traffic to be treated as a single entity for rate...

7.5CVSS5.8AI score0.00455EPSS
Exploits1References5
OSV
OSV
added 2026/03/09 8:50 a.m.8 views

CLSA-2026-1773046198 kernel: Fix of 31 CVEs

smb3: fix for slab out of bounds on mount to ksmbd CVE-2025-38728 - netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX CVE-2025-38201 - ALSA: usb-audio: Validate UAC3 power domain descriptors, too CVE-2025-38729 - net: atm: fix /proc/net/atm/lec handling CVE-2025-38180 - tcpbpf:...

7.8CVSS7AI score0.0033EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.13 views

PT-2026-24147

Name of the Vulnerable Software and Affected Versions Bucket versions prior to 2.1.1 Description Bucket is a MediaWiki extension used to store and retrieve structured data on articles. A stored cross-site scripting XSS issue exists that allows malicious code to be inserted into any Bucket table...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References5
NVD
NVD
added 2026/03/07 6:16 a.m.7 views

CVE-2026-30827

express-rate-limit is a basic rate-limiting middleware for Express. In versions starting from 8.0.0 and prior to versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0, the default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. Th...

7.5CVSS0.00455EPSS
Exploits1References2
Rows per page
Query Builder