PT-2025-35780
Name of the Vulnerable Software and Affected Versions: Jenkins Git client Plugin versions 6.3.2 and earlier. Description: The Git URL field form validation responses differ based on whether the specified file path exists on the Jenkins controller when using the amazon-s3 protocol with JGit. This...
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google war...
Malicious code in strapi-upload-aws-s3 (npm)
The package strapi-upload-aws-s3 was found to contain malicious code...
SUSE-SU-2025:02762-1 Security update for eclipse-jgit
This update for eclipse-jgit fixes the following issues: - CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class bsc1243647...
CVE-2025-52454
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...
CVE-2025-52454
CVE-2025-52454 describes a Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows and Linux via the Amazon S3 Connector modules, enabling Resource Location Spoofing. Affected Tableau Server versions are prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.1...
PT-2025-30927 · Tableau · Tableau Server
Name of the Vulnerable Software and Affected Versions: Tableau Server versions prior to 2025.1.3; Tableau Server versions prior to 2024.2.12; Tableau Server versions prior to 2023.3.19. Description: A Server-Side Request Forgery (SSRF) vulnerability exists in Tableau Server on Windows and Linux system...
SUSE CVE-2014-6274
git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in effectively plaintext, not encrypted as they were supposed to be. This issue affects...
PT-2025-24926 · Nx +1 · Aws S3 Remote Cache Plugin For Nx +6
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A critical security issue exists in remote cache extensions for common build systems that utilize bucket-based remote cache, such as those using Amazon S3 or Google Cloud Storage. This issue...
SUSE CVE-2025-4949
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE)...
CVE-2024-29795
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS. This issue affects Media Cloud for Amazon S3, Imgix, Google Cloud Storage,...
GHSA-VRPQ-QP53-QV56 Eclipse JGit XML External Entity (XXE) Vulnerability
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE)...
XML External Entity (XXE) Injection
Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the ManifestParser and AmazonS3 classes which use a SAXParser to parse XML files without properly configuring it to disable external entity processing. An attacker can access sensitive information o...
CVE-2025-4949
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE)...
DEBIAN-CVE-2025-4949
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE)...
PT-2025-22326
Name of the Vulnerable Software and Affected Versions: Eclipse JGit versions 7.2.0.202503040940-r and older. Description: The ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol are vulnerable to XML External Entity...
Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2025-1208)
The remote host is missing an update for the Huawei EulerOS...