Lucene search
+L

1085 matches found

euvd
euvd
added 3 days ago8 views

EUVD-2026-43577

Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php sanitizes the bucket name with pregreplace'/^a-zA-Z0-9-\./','', $bucket, which permits '..' and '../' sequences. The sanitized value is...

8.8CVSS6.1AI score0.00389EPSS
Exploits0References6
euvd
euvd
added 3 days ago4 views

EUVD-2026-43575

Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php executes bucket commands ls, upload, removefiles, rename, createfolder without performing any ACL or role check. Any authenticated...

8.8CVSS6.1AI score0.00283EPSS
Exploits0References5
nvd
nvd
added 4 days ago7 views

CVE-2026-57856

Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php sanitizes the bucket name with pregreplace'/^a-zA-Z0-9-\./','', $bucket, which permits '..' and '../' sequences. The sanitized value is...

8.8CVSS0.00389EPSS
Exploits0References5
nvd
nvd
added 4 days ago7 views

CVE-2026-57855

Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php executes bucket commands ls, upload, removefiles, rename, createfolder without performing any ACL or role check. Any authenticated...

8.8CVSS0.00283EPSS
Exploits0References4
cve
cve
added 4 days ago8 views

CVE-2026-57856

Cockpit CMS exposes a path traversal in the Bucket file storage API (/system/buckets/api). The api() function sanitizes the bucket name with a regex that still allows ".." and "../" sequences, which are then interpolated into uploads://buckets/{bucket} and not blocked by Flysystem’s WhitespacePat...

8.8CVSS6.1AI score0.00389EPSS
Exploits0References5
cvelist
cvelist
added 4 days ago33 views

CVE-2026-57856 Cockpit CMS Path Traversal via Bucket Name in Bucket File Storage API

Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php sanitizes the bucket name with pregreplace'/^a-zA-Z0-9-\./','', $bucket, which permits '..' and '../' sequences. The sanitized value is...

8.8CVSS0.00389EPSS
Exploits0References5
osv
osv
added 4 days ago4 views

CVE-2026-57856 Cockpit CMS Path Traversal via Bucket Name in Bucket File Storage API

Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php sanitizes the bucket name with pregreplace'/^a-zA-Z0-9-\./','', $bucket, which permits '..' and '../' sequences. The sanitized value is...

8.7CVSS6.1AI score0.00389EPSS
Exploits0References7
osv
osv
added 4 days ago3 views

CVE-2026-57855 Cockpit CMS Missing Authorization in Bucket File Storage API

Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php executes bucket commands ls, upload, removefiles, rename, createfolder without performing any ACL or role check. Any authenticated...

8.7CVSS6.1AI score0.00283EPSS
Exploits0References6
vulnrichment
vulnrichment
added 4 days ago3 views

CVE-2026-57855 Cockpit CMS Missing Authorization in Bucket File Storage API

Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php executes bucket commands ls, upload, removefiles, rename, createfolder without performing any ACL or role check. Any authenticated...

8.8CVSS6.1AI score0.00283EPSS
Exploits0References4
cvelist
cvelist
added 4 days ago31 views

CVE-2026-57855 Cockpit CMS Missing Authorization in Bucket File Storage API

Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php executes bucket commands ls, upload, removefiles, rename, createfolder without performing any ACL or role check. Any authenticated...

8.8CVSS0.00283EPSS
Exploits0References4
cve
cve
added 4 days ago13 views

CVE-2026-57855

Cockpit CMS is affected by a missing authorization vulnerability in the Bucket file storage API (/system/buckets/api). The api() method in modules/System/Controller/Buckets.php executes bucket commands (ls, upload, removefiles, rename, createfolder) without ACL or role checks, allowing any authen...

8.8CVSS6.1AI score0.00283EPSS
Exploits0References4
nvd
nvd
added 2026/07/08 3:16 p.m.7 views

CVE-2026-55874

SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by CopyObject and UploadPartCopy, allowing an authenticated identity scoped to one bucket to read objects from other buckets through server-side...

7.7CVSS0.00327EPSS
Exploits0References4
euvd
euvd
added 2026/07/08 2:48 p.m.5 views

EUVD-2026-42286

SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...

4.3CVSS5.9AI score0.00199EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/08 2:43 p.m.34 views

CVE-2026-55874 SeaweedFS: Path traversal in the S3 gateway X-Amz-Copy-Source header allows cross-bucket object read

SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by CopyObject and UploadPartCopy, allowing an authenticated identity scoped to one bucket to read objects from other buckets through server-side...

7.7CVSS0.00327EPSS
Exploits0References4
cve
cve
added 2026/07/08 2:43 p.m.17 views

CVE-2026-55874

SeaweedFS's S3 API gateway is affected prior to version 4.34 by a path traversal issue in the X-Amz-Copy-Source header (dot-dot segments) that can enable an authenticated user scoped to one bucket to read objects from other buckets via server-side copy. The issue is documented across CVE-2026-558...

7.7CVSS6AI score0.00327EPSS
Exploits0References4
euvd
euvd
added 2026/07/08 2:43 p.m.6 views

EUVD-2026-42285

SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by CopyObject and UploadPartCopy, allowing an authenticated identity scoped to one bucket to read objects from other buckets through server-side...

7.7CVSS6AI score0.00327EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.8 views

PT-2026-56468

Name of the Vulnerable Software and Affected Versions SeaweedFS versions prior to 4.34 Description The S3 API gateway fails to properly validate input in the X-Amz-Copy-Source header used by the CopyObject and UploadPartCopy functions. This improper validation allows the use of dot-dot path...

7.7CVSS6.1AI score0.00327EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.6 views

PT-2026-56264

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to v4.15.0-beta5 Description Two file handlers fail to verify if a requested S3 object key belongs to the caller's team. Since S3 object keys are global within a bucket and only include the tenant ID as a path segment, a...

8.6CVSS6.1AI score0.00299EPSS
Exploits0References10
osv
osv
added 2026/06/30 11:51 p.m.9 views

BIT-SEAWEEDFS-2026-54917 SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...

10CVSS5.8AI score0.00766EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/06/30 3:57 p.m.7 views

CVE-2026-58372

SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the...

8.1CVSS5.9AI score0.00766EPSS
Exploits0References7
Rows per page
Query Builder