Lucene search
K

44 matches found

The Hacker News
The Hacker News
added 2026/06/16 7:5 p.m.10 views

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google's bug bounty...

7.7CVSS5.6AI score0.00438EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.26 views

openSUSE 16 Security Update : mcphost (openSUSE-SU-2026:20788-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20788-1 advisory. This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly...

9.1CVSS5.9AI score0.01557EPSS
Exploits3References18
OSV
OSV
added 2026/05/22 11:51 a.m.13 views

SUSE-SU-2026:21827-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...

9.1CVSS6.7AI score0.01557EPSS
Exploits3References13
OSV
OSV
added 2026/05/22 11:51 a.m.11 views

SUSE-SU-2026:21756-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...

9.1CVSS6.7AI score0.01557EPSS
Exploits3References13
OSV
OSV
added 2026/05/22 11:50 a.m.7 views

OPENSUSE-SU-2026:20788-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...

9.1CVSS6.7AI score0.01557EPSS
Exploits3References12
The Hacker News
The Hacker News
added 2026/03/31 1:9 p.m.5 views

Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts

Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence AI agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environment. According to...

6.2AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/10 2:40 p.m.155 views

Exploit for CVE-2026-2472

🚨 CVE-2026-2472-Vertex-AI-SDK-Google-Cloud - Simple Proof of C...

8.6CVSS5.8AI score0.00529EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.152 views

📄 Vertex AI Experiments 1.132.x Predictable Bucket Naming

A vulnerability identified as CVE-2026-2473 affected Google Cloud Vertex AI, specifically the Vertex AI Experiments component, in versions 1.21.0 through 1.132.x fixed in 1.133.0 and later. The issue stemmed from predictable Cloud Storage bucket naming patterns, enabling a class of attack known a...

7.7CVSS5.8AI score0.00438EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.4 views

Vertex AI SDK 1.131.0 Cross Site Scripting Scanner

This script is a defensive behavioral security scanner designed to test whether HTML reports generated by the internal visualization module of the google-cloud-aiplatform part of Google Cloud improperly render unescaped user-controlled input...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/03 12:0 a.m.152 views

📄 Google Cloud Vertex AI SDK Cross Site Scripting / Code Execution

A persistent cross site scripting vulnerability was identified in the genai/evalsvisualization component of Google Cloud Vertex AI SDK google-cloud-aiplatform, affecting versions 1.98.0 up to but not including 1.131.0. The vulnerability allows an unauthenticated remote attacker to inject maliciou...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/27 7:44 p.m.12 views

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4CVSS5.9AI score0.00247EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/27 2:57 p.m.210 views

Exploit for CVE-2026-2472

Unauthenticated Stored Cross-Site Scripting XSS in genai/e...

8.6CVSS6.2AI score0.00529EPSS
Exploits2
EUVD
EUVD
added 2026/02/26 3:30 p.m.8 views

EUVD-2026-8853

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4CVSS5.5AI score0.00247EPSS
Exploits0References2
NVD
NVD
added 2026/02/26 3:17 p.m.9 views

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4CVSS0.00247EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 2:14 p.m.5 views

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4CVSS5.5AI score0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/26 2:14 p.m.26 views

CVE-2026-2244 Sensitive Data Exposure in Google Cloud Vertex AI Workbench

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/02/26 2:14 p.m.38 views

CVE-2026-2244

Summary: CVE-2026-2244 affects Google Cloud Vertex AI Workbench. A vulnerability existed from 2025-07-21 to 2026-01-30 that allowed an attacker to exfiltrate valid Google Cloud access tokens of other users by abusing a built-in startup script. The exposure could enable unauthorized access to toke...

8.4CVSS5.5AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.12 views

Google Cloud Vertex AI Workbench 安全漏洞

Google Cloud Vertex AI Workbench is a cloud-based integrated development environment provided by Google, Inc. There is a security vulnerability in Google Cloud Vertex AI Workbench, which allows attackers to exploit the built-in startup scripts to steal valid Google Cloud access tokens from other...

8.4CVSS5.8AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.10 views

PT-2026-22149

Name of the Vulnerable Software and Affected Versions Google Cloud Vertex AI Workbench versions 7/21/2025 through 01/30/2026 Description A flaw exists in Google Cloud Vertex AI Workbench that enables an attacker to obtain legitimate Google Cloud access tokens belonging to other users. This is...

8.4CVSS6.1AI score0.00247EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.7 views

CVE-2026-2473

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

7.7CVSS5.9AI score0.00438EPSS
Exploits1References1
Rows per page
Query Builder