Lucene search
K

12 matches found

NVD
NVD
added 2026/06/26 8:17 p.m.8 views

CVE-2026-49991

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...

8.6CVSS0.00273EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:1 p.m.7 views

CVE-2026-49991

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...

8.6CVSS5.9AI score0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 8:1 p.m.25 views

CVE-2026-49991 RustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injection

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...

8.6CVSS0.00273EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52909

Name of the Vulnerable Software and Affected Versions RustFS version 1.0.0-beta.4 Description Authenticated users with PutObject permission on their own bucket can exploit a path traversal issue in the Snowball auto-extract feature to write arbitrary objects into buckets belonging to other users,...

8.6CVSS5.9AI score0.00273EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.8 views

CVE-2026-40344

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

8.8CVSS5.8AI score0.00418EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/16 5:25 a.m.9 views

Authentication Bypass

MinIO is vulnerable to Authentication Bypass. The vulnerability is due to missing signature verification for authTypeStreamingUnsignedTrailer requests in the Snowball auto-extract handler, which allows an attacker with knowledge of a valid access key to upload arbitrary objects without providing ...

8.8CVSS5.4AI score0.00418EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 12:49 a.m.9 views

CVE-2026-40344 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

8.8CVSS6.1AI score0.00418EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 12:49 a.m.29 views

CVE-2026-40344 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

8.8CVSS0.00418EPSS
Exploits0References3
CVE
CVE
added 2026/04/22 12:49 a.m.34 views

CVE-2026-40344

MinIO is affected by an authentication bypass in the Snowball auto-extract handler (PutObjectExtractHandler) prior to RELEASE.2026-04-11T03:20:12Z. An attacker with a valid access key (including the default minioadmin or any key with WRITE on a bucket) can write arbitrary objects to any bucket wi...

8.8CVSS6.1AI score0.00418EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/11 12:0 a.m.11 views

PT-2026-34231

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the Snowball auto-extract handler PutObjectExtractHandler. This issue allows a user with a valid access key to writ...

8.8CVSS5.8AI score0.00418EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2025/12/09 7:29 a.m.1 views

CVE-2025-14307 Insecure Temporary File Creation in Robocode's AutoExtract Component

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files...

9.3CVSS7.3AI score0.00277EPSS
Exploits0References1
OSV
OSV
added 2025/10/21 6:30 p.m.4 views

GHSA-9P44-Q66P-XM6P ProcessWire CMS vulnerable to resource-exhaustion Denial of Service

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...

7.1CVSS6.9AI score0.00395EPSS
Exploits1References4
Rows per page
Query Builder