1043 matches found
CVE-2026-2473
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...
CVE-2026-2473 Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...
CVE-2026-2473 Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...
CVE-2026-2473
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...
CVE-2026-2473
CVE-2026-2473 affects Google Cloud Vertex AI Experiments: version range 1.21.0 up to but not including 1.133.0. The issue arises from predictable Cloud Storage bucket names, enabling an unauthenticated remote attacker to perform cross-tenant remote code execution, model theft, and data poisoning ...
Google Cloud Vertex AI 安全漏洞
Google Cloud Vertex AI is a full-stack artificial intelligence platform developed by Google Inc. Versions of Google Cloud Vertex AI prior to 1.133.0 contained security vulnerabilities. These vulnerabilities stemmed from predictable bucket naming in Vertex AI Experiments, allowing unauthenticated...
PT-2026-21291
Name of the Vulnerable Software and Affected Versions Google Cloud Vertex AI versions 1.21.0 through 1.132.9 Description A flaw exists in Vertex AI Experiments within Google Cloud Vertex AI that could allow a remote, unauthenticated attacker to execute code, steal models, and poison data. This is...
Virtuozzo Hybrid Infrastructure 7.2 Hotfix 1 (7.2.0-254)
This update provides a security fix and stability fixes for the storage service. Vulnerability id: VSTOR-122723 Bucket object lock is removed after setting a bucket policy. Vulnerability id: VSTOR-123191 Archive files are not accessible if there are issues with replication. Vulnerability id:...
Improper Handling of Missing Special Element
Overview Affected versions of this package are vulnerable to Improper Handling of Missing Special Element in DecodeUnprotectedBucket in CoseMessage.cs. An attacker can gain unauthorized access or manipulate data by supplying a malicious payload that bypasses security mechanisms. Remediation...
OSV-2026-215 UNKNOWN READ in getTypeCacheHashTableBucket
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=482748215 Crash type: UNKNOWN READ Crash state: getTypeCacheHashTableBucket usbd.h...
CVE-2026-1727
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...
CVE-2025-15476
The CVE-2025-15476 affects the WordPress plugin The Bucketlister, specifically versions up to 0.1.5. The root cause is a missing capability check in the bucketlister_do_admin_ajax() function, allowing authenticated attackers with Subscriber-level access (and higher) to add, delete, or modify arbi...
CVE-2025-15476 The Bucketlister <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification
The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlisterdoadminajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...
EUVD-2026-5560
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...
WordPress The Bucketlister plugin <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Bucket List Modification vulnerability discovered by Ivan Cese in WordPress Plugin The Bucketlister versions = 0.1.5...
CVE-2026-1727
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...
CVE-2026-1727 Information Disclosure via Bucket Squatting in Google Cloud Agentspace.
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...
CVE-2026-1727
The CVE-2026-1727 entry describes an information disclosure in the Agentspace service arising from the use of predictable Google Cloud Storage bucket names for error logs and temporary data staging during GCS imports and Cloud SQL interactions. This predictability enabled bucket squatting, where ...
CVE-2026-1727 Information Disclosure via Bucket Squatting in Google Cloud Agentspace.
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...
Google Gemini Enterprise 安全漏洞
Google Gemini Enterprise is a generative AI platform developed by Google, Inc. of the United States. There is a security vulnerability in Google Gemini Enterprise, which stems from the use of predictable Google Cloud Storage bucket names. This vulnerability may allow attackers to preemptively tak...