Lucene search
K

747 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:18 p.m.16 views

Malicious code in @sourceflow-uk/sourceflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5bcccc37c380ce54f5bfc2bc2311fbefb6ebc3400a397cbc4afc2188fb3c11d package.json declares a dependency ltidisafe whose version specifier is the raw URL https://storage.googleapis.com/lscunpentest/packuxfoundry.tgz — a...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/06/09 10:23 a.m.6 views

Directory Traversal

Overview apache-airflow-providers-samba is a Provider package apache-airflow-providers-samba for Apache Airflow Affected versions of this package are vulnerable to Directory Traversal via the GCSToSambaOperator function. An attacker can write files to arbitrary locations on the Samba target by...

6.9CVSS6.2AI score0.00695EPSS
Exploits0References2
PyPA
PyPA
added 2026/06/09 9:16 a.m.8 views

PYSEC-2026-208

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...

6.5CVSS5.5AI score0.00695EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/09 7:42 a.m.12 views

EUVD-2026-35374

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...

6.5CVSS5.6AI score0.00695EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47720

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-samba versions prior to 4.12.6 Description The GCSToSambaOperator in the Apache Airflow Samba provider fails to perform a containment check when joining GCS object names to the SMB destination path. This allows an...

6.5CVSS5.6AI score0.00695EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Apache Airflow 路径遍历漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a path traversal vulnerability in the Apache...

6.5CVSS5.4AI score0.00695EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.16 views

CVE-2026-11416

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS5.6AI score0.00469EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 10:16 p.m.11 views

CVE-2026-11416

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS0.00469EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/05 9:42 p.m.33 views

CVE-2026-11416 MoviePilot Path Traversal via Cloud Storage Download Handlers

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS0.00469EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/05 9:42 p.m.12 views

CVE-2026-11416 MoviePilot Path Traversal via Cloud Storage Download Handlers

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS5.6AI score0.00469EPSS
Exploits0References3
CVE
CVE
added 2026/06/05 9:42 p.m.28 views

CVE-2026-11416

Summary: MoviePilot is affected by a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers. The local destination path is built by concatenating the configured download directory with a filename taken directly from remote cloud API metadata, without basename...

8.1CVSS5.6AI score0.00469EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-49193

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS5.5AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-6281

A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device...

8.8CVSS6AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42811

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.3AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 12:10 a.m.10 views

CVE-2026-36176

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...

7.1CVSS5.8AI score0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.8 views

MoviePilot 路径遍历漏洞

MoviePilot is an automated film resource management tool developed by jxxghp. MoviePilot has a path traversal vulnerability, which stems from path traversal within the AliPan, U115, and Rclone cloud storage download processors. This vulnerability allows attackers to manipulate the file names...

8.1CVSS5.3AI score0.00469EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/04 9:33 a.m.16 views

Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black...

5.8AI score
Exploits0
NVD
NVD
added 2026/06/04 7:16 a.m.13 views

CVE-2026-49193

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 6:17 a.m.43 views

CVE-2026-49193 Publicly Readable AWS S3 Telemetry Buckets

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 6:17 a.m.14 views

EUVD-2026-34212

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References1
Rows per page
Query Builder