54 matches found
CVE-2026-56767
Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...
CVE-2026-56767
Maxun before version 0.0.42 is affected by a cross-tenant insecure direct object reference in storage and webhook API handlers. Authenticated users can bypass ownership checks to read other users’ robots and OAuth tokens, including plaintext Google and Airtable tokens, and can modify, delete, or ...
CVE-2026-56767 Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers
Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...
SUSE CVE-2026-11255
Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-29500
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...
CVE-2026-31216
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...
CVE-2026-31216
The CVE concerns the Nexent v1.7.5.2 backend service. The vulnerability lies in the file management API: DELETE /storage/{object_name:path} accepts a user-controlled object_name and is missing authentication, authorization, and input validation. This allows unauthenticated remote attackers to del...
Release Information for Dell SC Series Plug-In for Veeam Backup & Replication
This plug-in leverages the Veeam Universal Storage API, which enables storage OEMs to allow Veeam Backup & Replication integration to the arrays for backup and replication jobs. Requirements Before installing Dell SC Series Plug-In v1.0.211, ensure that you are running Veeam Backup & Replication...
EUVD-2025-74036
The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account...
CVE-2025-9055
The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account...
PT-2025-46313
Name of the Vulnerable Software and Affected Versions VAPIX Edge affected versions not specified Description The VAPIX Edge storage API contains a flaw that allows privilege escalation. An authenticated VAPIX administrator-privileged user can gain Linux Root privileges. Exploitation requires...
EUVD-2015-9062
Malware in sbrugna...
EUVD-2015-5457
Malware in sbrugna...
EUVD-2017-6384
Malware in sbrugna...
EUVD-2014-5068
Malware in sbrugna...
EUVD-2025-27469
Malicious code in bioql PyPI...
EUVD-2025-20017
Malicious code in bioql PyPI...
MAL-2025-41496 Malicious code in @twork-data-services/customer-storage-api-v5-customer (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41495 Malicious code in @twork-data-services/customer-storage-api-v3-customer-timezone (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41494 Malicious code in @twork-data-services/customer-storage-api-v3-customer-attribute (npm)
--- -= Per source details. Do not edit below this line.=-...