Lucene search
K

27 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/26 8:41 p.m.7 views

CVE-2026-50137

Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id app... and an S3-source datasource id ds... can call this endpoint with no auth and obtain a 15-minute pre-signed PUT URL minted on the victim's IAM identity. The endpoin...

9.4CVSS5.8AI score0.00415EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/06/26 8:17 p.m.8 views

CVE-2026-49991

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...

8.6CVSS0.00273EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:1 p.m.7 views

CVE-2026-49991

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...

8.6CVSS5.9AI score0.00273EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 8:1 p.m.13 views

CVE-2026-49991

RustFS 1.0.0-beta.4 is affected by a path traversal vulnerability in the Snowball auto-extract feature. Authenticated users with only PutObject permission on their own bucket can write arbitrary objects into other users’ buckets, breaking multi-tenant isolation. Root causes include: (1) No ../ sa...

8.6CVSS5.9AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.8 views

CVE-2026-41145

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary...

8.8CVSS5.7AI score0.00349EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 4:3 p.m.6 views

BIT-MINIO-2026-41145 MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in 2023.05.18 and prior to 2026.04.11, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing t...

8.8CVSS5.8AI score0.00349EPSS
Exploits0References4
NVD
NVD
added 2026/04/22 1:16 a.m.7 views

CVE-2026-41145

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary...

8.8CVSS0.00349EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 12:54 a.m.34 views

CVE-2026-41145 MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary...

8.8CVSS0.00349EPSS
Exploits0References3
CVE
CVE
added 2026/04/22 12:54 a.m.186 views

CVE-2026-41145

MinIO contains an authentication bypass in the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path, affecting releases prior to RELEASE.2026-04-11T03-20-12Z. An attacker with a valid access key (including default minioadmin or any key with WRITE on a bucket) can write objects to any bucket without a val...

8.8CVSS5.9AI score0.00349EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/14 11:40 p.m.7 views

Improper Authentication

Overview github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Improper Authentication via the PutObjectHandler and PutObjectPartHandler function. An attacker can gain unauthorized write access to...

8.8CVSS5.8AI score0.00349EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 12:4 a.m.4 views

Missing Authentication for Critical Function

Overview github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the PutObjectExtractHandler, PutObjectHandler, and PutObjectPartHandler function. An...

8.8CVSS5.8AI score0.00418EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32435

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

7.1CVSS5.7AI score0.00485EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/11 12:0 a.m.11 views

PT-2026-34231

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the Snowball auto-extract handler PutObjectExtractHandler. This issue allows a user with a valid access key to writ...

8.8CVSS5.8AI score0.00418EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2026/04/09 5:32 p.m.7 views

MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing

Impact What kind of vulnerability is it? Who is impacted? MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function calls bufio.Reader.ReadBytes'\n' with no size limit, buffering the...

7.1CVSS5.8AI score0.00485EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/04/08 9:16 p.m.15 views

CVE-2026-39414

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

7.1CVSS0.00485EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-31438

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2018-08-18T03-49-57Z through RELEASE.2025-12-20T04-58-37Z Description MinIO's S3 Select feature is susceptible to memory exhaustion when handling CSV files with lines exceeding available memory. The nextSplit function...

7.1CVSS5.9AI score0.00485EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/04/06 11:24 p.m.4 views

SUSE CVE-2026-34204

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

7.1CVSS5.7AI score0.00124EPSS
Exploits0References3
NVD
NVD
added 2026/03/31 8:16 p.m.4 views

CVE-2026-34204

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

7.1CVSS0.00124EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/31 7:30 p.m.27 views

CVE-2026-34204 MinIO is Vulnerable to SSE Metadata Injection via Replication Headers

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

7.1CVSS0.00124EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/31 7:30 p.m.5 views

CVE-2026-34204

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References2
Rows per page
Query Builder