313 matches found
CVE-2026-55542 Snipe-IT's S3 signature image retrieval lacks authorization before temporary URL
Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns...
CVE-2026-55418 FastGPT: S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)
FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...
CVE-2026-55418
Summary: CVE-2026-55418 affects FastGPT prior to v4.15.0-beta5, where two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request. The key’s association with the caller’s team is not validated, allowing cross-team file d...
CVE-2026-55418 FastGPT: S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)
FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...
BIT-GHOST-2026-53948 Ghost: File Upload Content-Type Spoofing
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage backends. On...
CVE-2026-50137 Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials
Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id app... and an S3-source datasource id ds... can call this endpoint with no auth and obtain a 15-minute pre-signed PUT URL minted on the victim's IAM identity. The endpoin...
CVE-2026-50136
Budibase prior to version 3.39.3 exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The /api/attachments/:datasourceId/url route is protected only by recaptcha, allowing a caller with workspace and S3 datasource IDs t...
GO-2026-5616 S3-Proxy has Security Issues in its Resource Path Matching Implementation in github.com/oxyno-zeta/s3-proxy
S3-Proxy has Security Issues in its Resource Path Matching Implementation in github.com/oxyno-zeta/s3-proxy...
PT-2026-52557
Name of the Vulnerable Software and Affected Versions SeaweedFS versions prior to 4.30 Description The S3 API gateway and the Iceberg REST catalog gateway use a router configuration that disables path cleaning. This allows a .. segment within a URL to persist during routing. For example, a reques...
Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials
Summary The Budibase server route POST /api/attachments/:datasourceId/url packages/server/src/api/routes/static.ts is registered with only the recaptcha middleware. There is no authorized... middleware in the chain. The controller...
[SECURITY] Fedora 43 Update: restic-0.19.0-1.fc43
Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...
[SECURITY] Fedora 44 Update: restic-0.19.0-1.fc44
Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...
CVE-2025-10560
The CVE-CWE entry documents a vulnerability in Worksnaps before version 1.6.20260201 where hardcoded cloud credentials and related secret material were embedded in Worksnaps client binaries. The exposed data included AWS access keys and S3 bucket information, and the credentials authenticated as ...
CVE-2026-48768
TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a result, any...
CVE-2026-46612 Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on...
EUVD-2026-36091
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on...
CVE-2026-42336
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access...
CVE-2026-49193 Publicly Readable AWS S3 Telemetry Buckets
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
PT-2026-43396
Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.8.1 Description An issue exists in the OSS file service URL fetch endpoint "chat/api/oss/get url" where inconsistent URL parsing between the urlparse validation function and the requests HTTP client allows for a...
CVE-2026-9291
Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results. We recommend you upgrade to...