9 matches found

RedhatCVE
added 2026/03/26 3:17 p.m. | 2 views

CVE-2026-32266

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

CVSS 6.9 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 1
CVE
added 2026/03/18 3:46 a.m. | 3 views

CVE-2026-32266

The CVE concerns the Google Cloud Storage for Craft CMS plugin (Craft CMS). On the 2.x branch, versions prior to 2.2.1 expose information via DefaultController->actionLoadBucketData() such that unauthenticated users with a valid CSRF token can view the list of buckets the plugin can access. Th...

CVSS 6.9 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 2
OSV
added 2026/03/18 3:28 a.m. | 1 views

CVE-2026-32265 Amazon S3 for Craft CMS has an Information Disclosure vulnerability

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

CVSS 6.9 | AI score 5.9 | EPSS 0.00035
Exploits: 0 | References: 4
CNNVD
added 2026/03/18 12:00 a.m. | 3 views

Amazon S3 for Craft CMS information disclosure vulnerability

Amazon S3 for Craft CMS is an open-source file storage integration plugin for Craft CMS. Amazon S3 for Craft CMS versions 2.2.4 and earlier contain an information disclosure vulnerability. This vulnerability stems from improper access control at the BucketsController-actionLoadBucketData...

CVSS 6.9 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 2
Snyk
added 2026/03/16 6:44 p.m. | 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the actionLoadContainerData endpoint. An attacker can access sensitive bucket information by sending unauthenticated requests with a valid CSRF token. Because error messages may also reveal sensitive data,...

CVSS 8.7 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 2
Snyk
added 2026/03/16 6:13 p.m. | 1 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the BucketsController-actionLoadBucketData endpoint. An attacker can retrieve a list of accessible buckets by sending a request with a valid CSRF token, even without authentication. Remediation: Upgrade...

CVSS 6.9 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/16 12:00 a.m. | 3 views

PT-2026-25843

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

CVSS 6.9 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 7
Tenable Nessus
added 2025/01/14 12:00 a.m. | 14 views

EulerOS 2.0 SP9 : python-requests (EulerOS-SA-2025-1061)

According to the versions of the python-requests package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been...

CVSS 4.3 | AI score 5 | EPSS 0.0011
Exploits: 0 | References: 2
PyPA
added 2020/10/05 2:15 p.m. | 5 views

PYSEC-2020-220

A flaw was found in Ansible Base when using the awsssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality...

CVSS 5.5 | AI score 6.6 | EPSS 0.0008
Exploits: 0 | References: 2 | Affected Software: 1