4 matches found
EUVD-2026-43575
Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php executes bucket commands ls, upload, removefiles, rename, createfolder without performing any ACL or role check. Any authenticated...
CVE-2026-57855
Cockpit CMS is affected by a missing authorization vulnerability in the Bucket file storage API (/system/buckets/api). The api() method in modules/System/Controller/Buckets.php executes bucket commands (ls, upload, removefiles, rename, createfolder) without ACL or role checks, allowing any authen...
EUVD-2025-29362
Malicious code in bioql PyPI...
LocalS3 Project Bucket Operations Vulnerable to XML External Entity (XXE) Injection
Description The LocalS3 project contains an XML External Entity XXE Injection vulnerability in its bucket operations that process XML data. Specifically, the vulnerability exists in the bucket ACL and bucket tagging operations. The application processes XML input without properly disabling extern...