Lucene search
K

1043 matches found

NVD
NVD
added 2026/02/20 8:25 p.m.6 views

CVE-2026-2473

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

7.7CVSS0.00438EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/20 7:39 p.m.23 views

CVE-2026-2473 Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

7.7CVSS0.00438EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/20 7:39 p.m.5 views

CVE-2026-2473 Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

7.7CVSS5.8AI score0.00438EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 7:39 p.m.4 views

CVE-2026-2473

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

7.7CVSS6AI score0.00438EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/02/20 7:39 p.m.20 views

CVE-2026-2473

CVE-2026-2473 affects Google Cloud Vertex AI Experiments: version range 1.21.0 up to but not including 1.133.0. The issue arises from predictable Cloud Storage bucket names, enabling an unauthenticated remote attacker to perform cross-tenant remote code execution, model theft, and data poisoning ...

7.7CVSS6AI score0.00438EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.11 views

Google Cloud Vertex AI 安全漏洞

Google Cloud Vertex AI is a full-stack artificial intelligence platform developed by Google Inc. Versions of Google Cloud Vertex AI prior to 1.133.0 contained security vulnerabilities. These vulnerabilities stemmed from predictable bucket naming in Vertex AI Experiments, allowing unauthenticated...

7.7CVSS6.2AI score0.00438EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.5 views

PT-2026-21291

Name of the Vulnerable Software and Affected Versions Google Cloud Vertex AI versions 1.21.0 through 1.132.9 Description A flaw exists in Vertex AI Experiments within Google Cloud Vertex AI that could allow a remote, unauthenticated attacker to execute code, steal models, and poison data. This is...

7.7CVSS5.5AI score0.00438EPSS
Exploits1References13
Virtuozzo
Virtuozzo
added 2026/02/12 12:0 a.m.14 views

Virtuozzo Hybrid Infrastructure 7.2 Hotfix 1 (7.2.0-254)

This update provides a security fix and stability fixes for the storage service. Vulnerability id: VSTOR-122723 Bucket object lock is removed after setting a bucket policy. Vulnerability id: VSTOR-123191 Archive files are not accessible if there are issues with replication. Vulnerability id:...

9.8CVSS5.5AI score0.47621EPSS
Exploits7
Snyk
Snyk
added 2026/02/10 9:32 p.m.4 views

Improper Handling of Missing Special Element

Overview Affected versions of this package are vulnerable to Improper Handling of Missing Special Element in DecodeUnprotectedBucket in CoseMessage.cs‎. An attacker can gain unauthorized access or manipulate data by supplying a malicious payload that bypasses security mechanisms. Remediation...

8.7CVSS5.6AI score0.01015EPSS
Exploits0References2
OSV
OSV
added 2026/02/10 12:7 a.m.4 views

OSV-2026-215 UNKNOWN READ in getTypeCacheHashTableBucket

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=482748215 Crash type: UNKNOWN READ Crash state: getTypeCacheHashTableBucket usbd.h...

5.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.9 views

CVE-2026-1727

The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...

9.1CVSS5.4AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/02/07 8:26 a.m.18 views

CVE-2025-15476

The CVE-2025-15476 affects the WordPress plugin The Bucketlister, specifically versions up to 0.1.5. The root cause is a missing capability check in the bucketlister_do_admin_ajax() function, allowing authenticated attackers with Subscriber-level access (and higher) to add, delete, or modify arbi...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/07 8:26 a.m.4 views

CVE-2025-15476 The Bucketlister <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlisterdoadminajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.7AI score0.00158EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/07 12:30 a.m.8 views

EUVD-2026-5560

The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...

9.1CVSS5.5AI score0.00253EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/07 12:9 a.m.7 views

WordPress The Bucketlister plugin <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Bucket List Modification vulnerability discovered by Ivan Cese in WordPress Plugin The Bucketlister versions = 0.1.5...

4.3CVSS5.4AI score0.00158EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/06 10:16 p.m.5 views

CVE-2026-1727

The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...

9.1CVSS0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/06 9:44 p.m.27 views

CVE-2026-1727 Information Disclosure via Bucket Squatting in Google Cloud Agentspace.

The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...

9.1CVSS0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/02/06 9:44 p.m.14 views

CVE-2026-1727

The CVE-2026-1727 entry describes an information disclosure in the Agentspace service arising from the use of predictable Google Cloud Storage bucket names for error logs and temporary data staging during GCS imports and Cloud SQL interactions. This predictability enabled bucket squatting, where ...

9.1CVSS5.5AI score0.00253EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/06 9:44 p.m.7 views

CVE-2026-1727 Information Disclosure via Bucket Squatting in Google Cloud Agentspace.

The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...

9.1CVSS5.6AI score0.00253EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.10 views

Google Gemini Enterprise 安全漏洞

Google Gemini Enterprise is a generative AI platform developed by Google, Inc. of the United States. There is a security vulnerability in Google Gemini Enterprise, which stems from the use of predictable Google Cloud Storage bucket names. This vulnerability may allow attackers to preemptively tak...

9.1CVSS5.8AI score0.00253EPSS
Exploits0References2
Rows per page
Query Builder