227 matches found
CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability
The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the BucketsController-actionLoadBucketData endpoint. An attacker can retrieve a list of accessible buckets by sending a request with a valid CSRF token, even without authentication. Remediation Upgrade...
GHSA-HWJ7-4VGC-J3V9 Amazon S3 for Craft CMS has an Information Disclosure vulnerability
Unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.5 of the plugin to...
PT-2026-25817
The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...
EUVD-2026-9509
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...
CVE-2026-22052
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...
NetApp ONTAP 安全漏洞
NetApp ONTAP is a proprietary operating system developed by the American network device company NetApp. It is used for storing disk arrays. NetApp ONTAP 9.12.1 and later versions have security vulnerabilities, which stem from improper access control of S3 NAS buckets, potentially leading to...
CVE-2026-22052
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...
CVE-2026-22052
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...
CVE-2026-22052
ONTAP 9.12.1+ with S3 NAS buckets is vulnerable to information disclosure. An authenticated attacker could view directory listings they lack permission for. Base CVSS 4.0/5.3 MEDIUM severity (PR:L, UI:N, VC:L). See NTAP advisory NTAP-20260304-0001 for details; exploitation status is not provided ...
CVE-2026-22052
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...
PT-2026-23079
Name of the Vulnerable Software and Affected Versions NetApp ONTAP versions 9.12.1 and higher Description An information disclosure issue exists in NetApp ONTAP S3 NAS buckets. A successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which th...
GHSA-76RV-2R9V-C5M6 zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service
Summary All rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing throttling that degrades service for that entity — and potentially co-located entities in...
zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service
Summary All rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing throttling that degrades service for that entity — and potentially co-located entities in...
Google Cloud Vertex AI has a a vulnerability involving predictable bucket naming
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...
refinance-poc
Refi-Ready POC This project is a Proof-of-Concept for a serve...
Insertion of Sensitive Information Into Sent Data
Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the storage of HMAC keys and disclosure through the DescribeTrainingJob API. An attacker ca...
CVE-2023-54310
In the Linux kernel, the following vulnerability has been resolved: scsi: message: mptlan: Fix use after free bug in mptlanremove due to race condition mptlanprobe calls mptregisterlandevice which initializes the &priv-postbucketstask workqueue. A call to mptlanwakepostbucketstask will subsequent...
Privilege Escalation
github.com/minio/minio is vulnerable to privilege escalation. The vulnerability is due to improper IAM session-policy validation, where restricted service or STS accounts can bypass inline policy checks when creating new service accounts, which allows an attacker to escalate privileges and gain...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989854)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989854 advisory. In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadvpurgeorigref Many syzbot reports are pointing to soft...