Lucene search
+L

57 matches found

Positive Technologies
Positive Technologies
โ€ขadded 2026/07/11 12:0 a.m.โ€ข10 views

PT-2026-57441

Name of the Vulnerable Software and Affected Versions Parse Server versions 9.0.0 through 9.10.0-alpha.1 Parse Server versions 8.x through 8.6.83 Description A stored cross-site scripting XSS issue exists when the software fails to recognize an uploaded file's extension via the mime package,...

2.1CVSS6AI score0.00245EPSS
Exploits0References8
OSV
OSV
โ€ขadded 2026/07/06 8:3 a.m.โ€ข4 views

PYSEC-2026-784 Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library

Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...

4.7CVSS6.4AI score0.00521EPSS
Exploits0References6
EUVD
EUVD
โ€ขadded 2026/07/03 12:31 a.m.โ€ข10 views

EUVD-2026-41465

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS5.8AI score0.00359EPSS
Exploits0References4
NVD
NVD
โ€ขadded 2026/07/03 12:16 a.m.โ€ข8 views

CVE-2026-55726

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS0.00359EPSS
Exploits0References3
CVE
CVE
โ€ขadded 2026/07/02 11:49 p.m.โ€ข17 views

CVE-2026-55726

CVE-2026-55726 concerns Gardyn IoT Hub: the Azure Blob Storage container used for device logs is publicly listable without authentication, enabling access to any device log file in that container. The root cause is a misconfiguration of storage permissions, exposing logs to unauthenticated users....

6.9CVSS5.8AI score0.00359EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/07/02 11:49 p.m.โ€ข10 views

CVE-2026-55726

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS5.9AI score0.00359EPSS
Exploits0References4
Cvelist
Cvelist
โ€ขadded 2026/07/02 11:49 p.m.โ€ข65 views

CVE-2026-55726 Gardyn IoT Hub Exposure of Sensitive System Information to an Unauthorized Control Sphere

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS0.00359EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
โ€ขadded 2026/07/01 9:15 p.m.โ€ข10 views

Malicious code in electron-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7faf51a6c9d6ed9fce8cf9de9ea8afee0e9c3dc1fb254e8cd0c3c2a8ca61323f On require'electron-orbit', the module unconditionally fires an auto-prefetch pipeline in Node contexts when no document is present that opens a raw...

5.8AI score
Exploits0References32
Fedora
Fedora
โ€ขadded 2026/06/19 1:1 a.m.โ€ข20 views

[SECURITY] Fedora 44 Update: restic-0.19.0-1.fc44

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

9.8CVSS5.3AI score0.34734EPSS
Exploits4
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/08 8:59 p.m.โ€ข20 views

CVE-2026-48501

A flaw was found in GitHub CLI. The tool incorrectly includes authorization headers in API requests to TUF repository mirrors when using commands such as gh attestation, gh release verify, and gh release verify-asset. This issue occurs because the shared HTTP client's authentication layer lacks...

9.1CVSS5.9AI score0.00289EPSS
Exploits0References4
SUSE CVE
SUSE CVE
โ€ขadded 2026/05/31 1:32 a.m.โ€ข22 views

SUSE CVE-2026-48501

GitHub CLI gh is GitHub's official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

9.1CVSS5.8AI score0.00289EPSS
Exploits0References3
OSV
OSV
โ€ขadded 2026/05/29 3:30 p.m.โ€ข8 views

GHSA-8XVP-7HJ6-MCJ9 GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands

Summary GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. Affected users: - Authenticated github.com users who previously ran gh attestation commands, gh release verify, or...

7.4CVSS5.9AI score0.00289EPSS
Exploits0References4
Cvelist
Cvelist
โ€ขadded 2026/05/29 3:14 p.m.โ€ข40 views

CVE-2026-48501 GitHub CLI tokens leak via `gh attestation` commands

GitHub CLI gh is GitHubโ€™s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

7.4CVSS0.00289EPSS
Exploits0References1
Positive Technologies
Positive Technologies
โ€ขadded 2026/05/28 12:0 a.m.โ€ข19 views

PT-2026-44227

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In stacked Linux Security Module LSM configurations, the sock has perm and nlmsg sock has extended perms functions incorrectly dereference sk-sk security directly. This assumes the SELin...

9.8CVSS6AI score0.03663EPSS
Exploits18References279
OSV
OSV
โ€ขadded 2026/05/22 1:45 p.m.โ€ข10 views

MAL-2026-4677 Malicious code in swift-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c54f35da6df5cef65715d49fb7942aff442ee9a0cb486862031e5009277db3a On npm install, [email protected] runs scripts/install-binary.js as a postinstall hook. The script is a hand-rolled JavaScript bytecode VM 123 KB...

5.9AI score
Exploits0References1
OSV
OSV
โ€ขadded 2026/05/20 2:6 p.m.โ€ข8 views

MAL-2026-4367 Malicious code in @bcrumbs.net/bc-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4bd9ccff2d027c9982ab41ff4b4417e62475e70aba04212794f267030f63ab0 The exported BCChat React component embeds a hardcoded Azure Blob SAS URL https://bcuserres.blob.core.windows.net/anonymous with a long-lived SAS tok...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2026/03/26 3:3 p.m.โ€ข7 views

CVE-2026-32268

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

8.7CVSS5.8AI score0.00348EPSS
Exploits0References1
Cvelist
Cvelist
โ€ขadded 2026/03/18 4:53 a.m.โ€ข35 views

CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

8.7CVSS0.00348EPSS
Exploits0References2
Vulnrichment
Vulnrichment
โ€ขadded 2026/03/18 4:53 a.m.โ€ข3 views

CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

8.7CVSS5.8AI score0.00348EPSS
Exploits0References2
CVE
CVE
โ€ขadded 2026/03/18 4:53 a.m.โ€ข11 views

CVE-2026-32268

CVE-2026-32268 concerns the Azure Blob Storage for Craft CMS plugin. In 2.x releases before 2.1.1, unauthenticated users can view a list of buckets the plugin can access through the DefaultController->actionLoadContainerData() endpoint when presenting a valid CSRF token. This can disclose sens...

8.7CVSS5.8AI score0.00348EPSS
Exploits0References2
Rows per page
Query Builder