Lucene search
+L

227 matches found

cvelist
cvelist
added 2026/03/18 3:46 a.m.28 views

CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

6.9CVSS0.00344EPSS
Exploits0References2
snyk
snyk
added 2026/03/16 6:13 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the BucketsController-actionLoadBucketData endpoint. An attacker can retrieve a list of accessible buckets by sending a request with a valid CSRF token, even without authentication. Remediation Upgrade...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References2
osv
osv
added 2026/03/16 6:13 p.m.4 views

GHSA-HWJ7-4VGC-J3V9 Amazon S3 for Craft CMS has an Information Disclosure vulnerability

Unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.5 of the plugin to...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/16 12:0 a.m.9 views

PT-2026-25817

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References9
euvd
euvd
added 2026/03/05 12:31 a.m.7 views

EUVD-2026-9509

ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...

5.3CVSS5.9AI score0.00192EPSS
Exploits0References2
nvd
nvd
added 2026/03/05 12:15 a.m.8 views

CVE-2026-22052

ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...

5.3CVSS0.00192EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/03/05 12:0 a.m.9 views

NetApp ONTAP 安全漏洞

NetApp ONTAP is a proprietary operating system developed by the American network device company NetApp. It is used for storing disk arrays. NetApp ONTAP 9.12.1 and later versions have security vulnerabilities, which stem from improper access control of S3 NAS buckets, potentially leading to...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/04 11:22 p.m.30 views

CVE-2026-22052

ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...

5.3CVSS0.00192EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/04 11:22 p.m.4 views

CVE-2026-22052

ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References1
cve
cve
added 2026/03/04 11:22 p.m.32 views

CVE-2026-22052

ONTAP 9.12.1+ with S3 NAS buckets is vulnerable to information disclosure. An authenticated attacker could view directory listings they lack permission for. Base CVSS 4.0/5.3 MEDIUM severity (PR:L, UI:N, VC:L). See NTAP advisory NTAP-20260304-0001 for details; exploitation status is not provided ...

5.3CVSS5.9AI score0.00192EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/03/04 11:22 p.m.8 views

CVE-2026-22052

ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...

5.3CVSS5.9AI score0.00192EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/04 12:0 a.m.14 views

PT-2026-23079

Name of the Vulnerable Software and Affected Versions NetApp ONTAP versions 9.12.1 and higher Description An information disclosure issue exists in NetApp ONTAP S3 NAS buckets. A successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which th...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References8
osv
osv
added 2026/02/25 10:31 p.m.8 views

GHSA-76RV-2R9V-C5M6 zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service

Summary All rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing throttling that degrades service for that entity — and potentially co-located entities in...

4.3CVSS5.5AI score0.00228EPSS
Exploits0References5
github
github
added 2026/02/25 10:31 p.m.7 views

zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service

Summary All rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing throttling that degrades service for that entity — and potentially co-located entities in...

5.3CVSS5.4AI score0.00228EPSS
Exploits0References5Affected Software1
github
github
added 2026/02/20 9:31 p.m.14 views

Google Cloud Vertex AI has a a vulnerability involving predictable bucket naming

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

7.7CVSS6AI score0.00438EPSS
Exploits1References4Affected Software1
githubexploit
githubexploit
added 2026/02/20 3:28 p.m.153 views

refinance-poc

Refi-Ready POC This project is a Proof-of-Concept for a serve...

5.5AI score
Exploits0
snyk
snyk
added 2026/02/02 11:33 p.m.2 views

Insertion of Sensitive Information Into Sent Data

Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the storage of HMAC keys and disclosure through the DescribeTrainingJob API. An attacker ca...

9.1CVSS6.1AI score0.00455EPSS
Exploits0References3
nvd
nvd
added 2025/12/30 1:16 p.m.16 views

CVE-2023-54310

In the Linux kernel, the following vulnerability has been resolved: scsi: message: mptlan: Fix use after free bug in mptlanremove due to race condition mptlanprobe calls mptregisterlandevice which initializes the &priv-postbucketstask workqueue. A call to mptlanwakepostbucketstask will subsequent...

0.00185EPSS
Exploits0References8
veracode
veracode
added 2025/12/08 9:45 a.m.7 views

Privilege Escalation

github.com/minio/minio is vulnerable to privilege escalation. The vulnerability is due to improper IAM session-policy validation, where restricted service or STS accounts can bypass inline policy checks when creating new service accounts, which allows an attacker to escalate privileges and gain...

8.1CVSS7.5AI score0.00515EPSS
Exploits1References7Affected Software1
nessus
nessus
added 2025/11/05 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989854)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989854 advisory. In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadvpurgeorigref Many syzbot reports are pointing to soft...

5.5CVSS6.1AI score0.00229EPSS
Exploits0References3
Rows per page
Query Builder