EUVD-2026-28893

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

Argo vulnerable to exposure of artifact repository credentials

Summary The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...

CVE-2026-32101

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized function is declared async returns Promise but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in...

CVE-2026-32265

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

PT-2026-24112

Name of the Vulnerable Software and Affected Versions Camaleon CMS versions 2.4.5.0 through 2.9.0 Description Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, have a path traversal issue in the AWS S3 uploader implementation. Authenticated users can read arbitrary files from...

@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.8), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +1101 more potentially affected by CVE-2026-26278 via fast-xml-parser (>=5.0.1 <=5.3.5)

fast-xml-parser NPM version =5.0.1, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.6.22 and more Source cves: CVE-2026-26278 Source advisory: SNYK:JS-FASTXMLPARSER-15307668...

Amazon S3 Encryption Client 安全漏洞

Amazon S3 Encryption Client is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client that stems from a lack of encryption key promises, which could cause a user with write access to an S3 storage bucket to introduce a...

Information Disclosure

Jenkins Git Client Plugin is vulnerable to an Information Disclosure. The vulnerability is due to differential form validation behavior, where Git URL validation responses vary based on whether an attacker-specified file path exists on the Jenkins controller when using the amazon-s3 protocol,...

[SECURITY] Fedora 41 Update: restic-0.18.1-1.fc41

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

[SECURITY] Fedora 42 Update: restic-0.18.1-1.fc42

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

[SECURITY] Fedora 43 Update: restic-0.18.1-1.fc43

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

Linux Distros Unpatched Vulnerability : CVE-2025-4949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the...

Security update for eclipse-jgit

This update for eclipse-jgit fixes the following issues: CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class bsc1243647. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternativel...

git-annex 安全漏洞

git-annex is a git-annex open source tool for managing large files in Git repositories. A security vulnerability exists in git-annex versions prior to 3.20121126 through 5.20140919, which stems from unencrypted storage of AWS credentials embedded in S3 and Glacier remote storage...

CVE-2023-22735

Zulip is an open-source team collaboration tool. In versions of zulip prior to commit 2f6c5a8 but after commit 04cf68b users could upload files with arbitrary Content-Type which would be served from the Zulip hostname with Content-Disposition: inline and no Content-Security-Policy header, allowin...

Quivr 安全漏洞

Quivr is an artificial intelligence application open-sourced by Quivr. A security vulnerability exists in Quivr that stems from a path traversal that allows an attacker to upload a file to an arbitrary path in an S3 bucket...

Stream Data from Linode Object Storage Using the AWS S3 SDK

Learn how to build a Spin application in TypeScript that streams data from Linode Object Storage using the AWS S3 SDK...

SUSE CVE-2024-1682

An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of...

PT-2024-18218 · Amazon · Amazon S3

Name of the Vulnerable Software and Affected Versions: Amazon S3 affected versions not specified Description: The issue concerns an unclaimed Amazon S3 bucket, 'codeconf', referenced in an audio file link within a documentation file. This bucket has been claimed by an external party, which could...

Amazon S3 Browser Security Vulnerability

Amazon S3 Browser is a web-based online storage service by Amazon.com, Inc. enables users to easily store files on a web server. A security vulnerability exists in Amazon S3 Browser versions v.11.4.5 and v.10.9.9, which stems from a vulnerability that could allow a remote attacker to gain access ...