Lucene search
K

4 matches found

Cvelist
Cvelist
added 3 hours ago6 views

CVE-2026-55873 SeaweedFS: Improper authorization in the S3Tables / Iceberg REST management API lets a low-privileged S3 user enumerate administrator-owned table buckets

SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...

4.3CVSS
Exploits0References4
EUVD
EUVD
added 3 hours ago2 views

EUVD-2026-42286

SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...

4.3CVSS5.9AI score
Exploits0References4
CVE
CVE
added 3 hours ago9 views

CVE-2026-55874

SeaweedFS's S3 API gateway is affected prior to version 4.34 by a path traversal issue in the X-Amz-Copy-Source header (dot-dot segments) that can enable an authenticated user scoped to one bucket to read objects from other buckets via server-side copy. The issue is documented across CVE-2026-558...

7.7CVSS6AI score
Exploits0References4
OSV
OSV
added 2025/08/09 9:15 p.m.4 views

CVE-2025-8775

A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...

9.8CVSS5.4AI score0.00377EPSS
Exploits1References5
Rows per page
Query Builder