Lucene search
K

307 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: util: Avoid accessing a ringbuffer that is not initialized yet. If the KVP or VSS daemon starts before the VMBus channel’s ringbuffer is fully initialized, we can encounter a panic as follows: hvutils: Registering th...

5.5CVSS6.2AI score0.00207EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 3:8 a.m.11 views

CVE-2026-28733 filemanagement_storage_service has an use after free vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution...

6.5CVSS6.1AI score0.00131EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 3:8 a.m.40 views

CVE-2026-28733 filemanagement_storage_service has an use after free vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution...

6.5CVSS0.00131EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 3:8 a.m.8 views

CVE-2026-25850 filemanagement_storage_service has an improper preservation of permissions vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 3:8 a.m.21 views

CVE-2026-25850

CVE-2026-25850 concerns OpenHarmony, affecting v6.0 and earlier, where the component filemanagement_storage_service improperly preserves permissions. The result is a local attacker can cause an information leak. The CVSS score is 5.5 (Medium); vectors: Local access, low attack complexity, low pri...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 3:8 a.m.48 views

CVE-2026-25850 filemanagement_storage_service has an improper preservation of permissions vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak...

5.5CVSS0.00118EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 2:59 a.m.8 views

CVE-2026-28751 filemanagement_storage_service has an improper input validation vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

3.3CVSS5.8AI score0.0012EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 2:59 a.m.26 views

CVE-2026-28751

Technical details about CVE-2026-28751 are not publicly provided in the supplied documents; please monitor for updates.

3.3CVSS5.8AI score0.0012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 2:52 p.m.13 views

CVE-2026-42295

A flaw was found in Argo Workflows, an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The workflow executor logs all artifact repository credentials, such as S3 Simple Storage Service access keys, GCS Google Cloud Storage service account keys, Azure...

8.5CVSS5.6AI score0.00357EPSS
Exploits1References5
Veracode
Veracode
added 2026/05/16 5:17 a.m.14 views

Authorization Bypass

StudioCMS is vulnerable to Improper Access Control. The vulnerability is due to missing await handling for the asynchronous isAuthorized function in the S3 storage manager, where authorization checks in the POST and PUT handlers always evaluate as successful because unresolved Promise objects are...

7.6CVSS5.8AI score0.00183EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.10 views

CVE-2026-8596

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/14 6:34 p.m.11 views

Authentication Bypass

s3-proxy is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent URL path interpretation between the authentication middleware and bucket handler, which allows an attacker to bypass access controls and perform unauthorized operations on protected S3 objects...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.22 views

PT-2026-41118

Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to th...

7.2CVSS6.2AI score0.0039EPSS
Exploits0References10
Fedora
Fedora
added 2026/05/11 1:2 a.m.12 views

[SECURITY] Fedora 43 Update: rclone-1.74.0-2.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.8CVSS5.8AI score0.34734EPSS
Exploits3
OSV
OSV
added 2026/05/04 6:30 p.m.3 views

GHSA-VXGG-MQX2-3W59 Apache Polaris has an Improper Input Validation Issue

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References5
CVE
CVE
added 2026/05/04 4:48 p.m.50 views

CVE-2026-42810

CVE-2026-42810 affects Apache Polaris. The issue arises because Polaris accepts literal ‘’ characters in namespace and table names, and these unescaped characters are reused in temporary S3 access policies for delegated table access. In S3 IAM policy matching, ‘ ’ is treated as a wildcard, allowi...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/26 11:0 p.m.18 views

CVE-2026-7065

Technical details are not publicly available in the provided documents. Monitor for updates.

7.5CVSS7AI score0.00294EPSS
Exploits0References5
NVD
NVD
added 2026/04/23 12:16 a.m.9 views

CVE-2026-5935

IBM Total Storage Service Console TSSC / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input...

9.8CVSS0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 11:30 p.m.33 views

CVE-2026-5935 TSSC/IMC is vulnerable to OS Command Injection

IBM Total Storage Service Console TSSC / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input...

7.3CVSS0.0034EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/20 12:32 p.m.6 views

EUVD-2026-23821

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogupicture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture...

7.5CVSS6.5AI score0.003EPSS
Exploits0References5
Rows per page
Query Builder