117 matches found
CVE-2026-28377
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...
CVE-2026-28377 S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint (CVE-2025-41118 Pattern)
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...
CVE-2026-28377 S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint (CVE-2025-41118 Pattern)
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...
CVE-2026-33469
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration through /api/config/raw. This exposes sensitive values that are intentionally redacted from /api/config,...
CVE-2026-32890
Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...
CVE-2026-33509
pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option...
CVE-2026-32890
Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...
CVE-2026-32890 Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config
Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...
CVE-2026-32890 Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config
Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...
CVE-2026-32890
Anchorr (Discord bot) has a stored XSS in the web dashboard (User Mapping dropdown) affecting versions ≤ 1.4.1. An unprivileged Discord user in the same guild can execute arbitrary JavaScript in the admin’s browser. Coupled with GET /api/config (which returns plaintext secrets), an attacker can e...
PT-2026-26545
Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...
S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...
CVE-2026-32111 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle
ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...
CVE-2026-31861
Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to childprocess.exec. The...
CVE-2026-31861 Shell Command Injection in Git Routes [CloudCLI UI]
Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to childprocess.exec. The...
CVE-2026-31861 Shell Command Injection in Git Routes [CloudCLI UI]
Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to childprocess.exec. The...
CVE-2026-31861
CVE-2026-31861 affects Cloud CLI (Claude Code UI). The /api/user/git-config endpoint interpolates user-supplied gitName/gitEmail into shell commands executed via child_process.exec(), placing input inside double quotes with only " escaped. Bash will still interpret backticks, $() substitutions, a...
Cloud CLI 代码注入漏洞
Cloud CLI is a multi-model AI programming assistant desktop and mobile interface open-sourced by Siteboon. Versions of Cloud CLI prior to 1.24.0 contained a code injection vulnerability. This vulnerability stemmed from the /api/user/git-config endpoint constructing shell commands without properly...
Arbitrary Code Injection
Overview @siteboon/claude-code-ui is an A web-based UI for Claude Code CLI Affected versions of this package are vulnerable to Arbitrary Code Injection in the git-config endpoint due to improper sanitization of user-supplied input in shell command construction. An attacker can execute arbitrary O...
DEBIAN-CVE-2026-30928
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all...