667 matches found
CVE-2026-36176
GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...
Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months
Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black...
CVE-2026-49193
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
CVE-2026-49193
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
CVE-2026-49193
Technical details about CVE-2026-49193 are not publicly available in the provided documents; monitor for updates from official sources.
EUVD-2026-34212
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
CVE-2026-49193 Publicly Readable AWS S3 Telemetry Buckets
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
PT-2026-46151
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
DEBIAN-CVE-2026-49017
In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...
CVE-2022-31231
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...
Dell ECS 访问控制错误漏洞
Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.5 and 3.6 of Dell ECS contain access control vulnerability issues. This vulnerability stems from improper access control in the identity and access management module, which may allow remote...
Malicious code in @sec-loans-ui/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da55a9be9d9f90abe00e16200ea17aa78f58643e40d872d04276453dfd8a88f9 Package is a hollow lure: index.js is a 35-byte stub module.exports = , description and author are empty, and the version is bumped to 99.9.1 — the...
CVE-2026-42295
A flaw was found in Argo Workflows, an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The workflow executor logs all artifact repository credentials, such as S3 Simple Storage Service access keys, GCS Google Cloud Storage service account keys, Azure...
Secret Key Exposure
Pyroscope is vulnerable to Secret Key Exposure. The vulnerability is due to improper exposure of Tencent COS storage backend configuration values through the Pyroscope API, allowing attackers with API access to retrieve the secretkey used for cloud storage authentication...
CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...
Amazon SageMaker Python SDK 安全漏洞
Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v2.257.2 and v3.8.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...
EUVD-2026-30040
A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device...
EUVD-2026-30041
A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...
CVE-2026-6282
A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...
CVE-2026-6281
A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device...