CVE-2026-42336

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access...

PT-2026-43396

Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.8.1 Description An issue exists in the OSS file service URL fetch endpoint "chat/api/oss/get url" where inconsistent URL parsing between the urlparse validation function and the requests HTTP client allows for a...

MAL-2025-28044 Malicious code in object-storage-service (npm)

The package object-storage-service was found to contain malicious code...

Malicious code in object-storage-service (npm)

The package object-storage-service was found to contain malicious code...

CVE-2025-2394

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...

CVE-2025-2394

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...

CVE-2025-2394 Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...

PT-2025-22570 · Ecovacs · Ecovacs Home

Name of the Vulnerable Software and Affected Versions: Ecovacs Home Android and iOS Mobile Applications versions up to 3.3.0 Description: The issue concerns the disclosure of sensitive data due to embedded access keys and secrets for Alibaba Object Storage Service OSS in the Ecovacs Home mobile...

PT-2022-6365 · Dell · Dell Powerscale Onefs

Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 9.0.0.x through 9.4.0.x Description: The issue is related to the cleartext storage of sensitive information in the S3 component, potentially leading to information disclosure. An authenticated local attacker cou...

[SECURITY] Fedora 36 Update: golang-github-aliyun-ossutil-1.7.9-4.fc36

Alibaba Cloud Aliyun Object Storage Service OSS CLI...

Fedora: Security Advisory for golang-github-aliyun-ossutil (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: golang-github-aliyun-ossutil-1.7.9-3.fc35

Alibaba Cloud Aliyun Object Storage Service OSS CLI...

Fedora: Security Advisory for golang-github-aliyun-ossutil (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

GitLab Input Validation Error Vulnerability (CNVD-2021-31224)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An input validation error vulnerability exists in GitLab...

Star Queen Aliyun OSS credentials have information leakage vulnerability

Star Queen APP is a social platform based on beauty and beautification manicure plastic surgery and bodybuilding and other industries. AliCloud Object Storage Service OSS is a massive, secure and highly reliable cloud storage service provided by AliCloud. After the star AliCloud OSS credentials...

Palm Edge AliCloud OSS credentials have information leakage vulnerabilities

Palm Edge APP is a mobile unit association dating activities software. There is an information leakage vulnerability in the Palm Edge AliCloud OSS credentials. The vulnerability is caused by credential leakage due to the use of SDK with accessKeyId and accessKeySecret, endpoint built into the...

Lychee Live AliCloud OSS credentials have information leakage vulnerability

Lychee Live app is an Internet-based interactive live broadcasting platform launched by Guangdong Network Radio and Television. There is an information leakage vulnerability in Lychee Live Aliyun OSS credentials. The vulnerability is caused by credential leakage due to the use of SDK with...

Ate little brother ali cloud oss credentials have information leakage vulnerability

The Aite Little Brother app is a service program. There is an information leakage vulnerability in the Aite Little Brother AliCloud oss credentials. The vulnerability stems from the accessKeyId and accessKeySecret, endpoint built into the mobile app, resulting in credential leakage. An attacker c...

BeautyMakeupAPP aliyun oss credentials have information leakage vulnerability

Aliyun Object Storage Service OSS is a massive, secure and highly reliable cloud storage service provided by Aliyun. BeautyMakeup aliyun oss credentials are vulnerable to information disclosure. When using this SDK, accessKeyId and accessKeySecret, endpoint are built into the mobile app, leading ...

Cloud Storage Privilege Leakage Vulnerability in Ropeway APP

Rookie Shao Shao is an application that provides the ability to check and send express delivery. A cloud storage access leakage vulnerability exists in the app. Due to the use of AliCloudoss, accessKeyId and accessKeySecret are built into the mobile application, resulting in credential leakage. A...