223 matches found
Missing Authentication for Critical Function
Overview github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the PutObjectExtractHandler, PutObjectHandler, and PutObjectPartHandler function. An...
PT-2026-34231
Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the Snowball auto-extract handler PutObjectExtractHandler. This issue allows a user with a valid access key to writ...
EUVD-2026-17206
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...
CVE-2026-4219
A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument...
CVE-2026-32913 OpenClaw < 2026.3.7 - Custom Authorization Header Leakage via Cross-Origin Redirects
OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept sensitive headers like X-Api-Key and Private-Token intend...
WordPress Plugin wpDiscuz Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin wpDiscuz, which stems fr...
EUVD-2026-12353
A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument...
CVE-2026-4219
A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument...
CVE-2026-4219 INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App ae.index.apgcs BuildConfig.java hard-coded credentials
A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument...
CVE-2026-4217
CVE-2026-4217 affects XREAL Nebula App up to version 3.2.1 on Android. The vulnerability resides in ai.nreal.nebula.universal’s CloudStoragePlugin.java (ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java) where manipulation of accessKey/secretAccessKey/securityToken can lead to unprotected sto...
INDEX Conferences and Exhibitions Organization YWF BPOF APGCS App 安全漏洞
INDEX Conferences and Exhibitions Organization YWF BPOF APGCS App is an application for organizing conferences and exhibitions. Versions of INDEX Conferences and Exhibitions Organization YWF BPOF APGCS App prior to 1.0.2 have security vulnerabilities. These vulnerabilities stem from improper...
PT-2026-25618
A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument ACCESS...
CVE-2025-62879
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs...
EUVD-2026-9849
Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions domain: "api", resource: "read" can be escalated to full write access under specific conditions. When exchanging a...
CVE-2025-62879
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs...
CVE-2025-62879
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs...
CVE-2025-62879 Rancher Backup Operator pod's logs leak S3 tokens
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs...
CVE-2025-62879 Rancher Backup Operator pod's logs leak S3 tokens
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs...
CVE-2025-62879 Rancher Backup Operator pod's logs leak S3 tokens
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs...
GHSA-WJ3P-5H3X-C74Q Rancher Backup Operator pod's logs leak S3 tokens
Impact A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs. Specifically, the S3 accessKey and secretKey are exposed in the pod's logs under the following logging lev...