Lucene search
+L

756 matches found

redhatcve
redhatcve
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42811

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.3AI score0.00431EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 12:10 a.m.11 views

CVE-2026-36176

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...

7.1CVSS5.8AI score0.00093EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/05 12:0 a.m.9 views

MoviePilot 路径遍历漏洞

MoviePilot is an automated film resource management tool developed by jxxghp. MoviePilot has a path traversal vulnerability, which stems from path traversal within the AliPan, U115, and Rclone cloud storage download processors. This vulnerability allows attackers to manipulate the file names...

8.1CVSS5.3AI score0.00469EPSS
Exploits0References3
thn
thn
added 2026/06/04 9:33 a.m.16 views

Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black...

5.8AI score
Exploits0
nvd
nvd
added 2026/06/04 7:16 a.m.14 views

CVE-2026-49193

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS0.00245EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/04 6:17 a.m.43 views

CVE-2026-49193 Publicly Readable AWS S3 Telemetry Buckets

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS0.00245EPSS
Exploits0References1
euvd
euvd
added 2026/06/04 6:17 a.m.14 views

EUVD-2026-34212

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References1
cve
cve
added 2026/06/04 6:17 a.m.28 views

CVE-2026-49193

Technical details about CVE-2026-49193 are not publicly available in the provided documents; monitor for updates from official sources.

8.7CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/06/04 6:17 a.m.7 views

CVE-2026-49193

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.20 views

PT-2026-46151

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/04 12:0 a.m.12 views

GNCC GP5 安全漏洞

GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability stems from the practice of storing the pre-signed Backblaze B2 upload URL as plain text in the serial console. This could allow physically...

7.1CVSS5.4AI score0.00093EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/06/04 12:0 a.m.13 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from overly permissive configuration settings of the cloud storage container. This vulnerability may lead to the unauthorized disclosure of activ...

8.7CVSS5.3AI score0.00245EPSS
Exploits0References1
osv
osv
added 2026/05/27 2:16 a.m.10 views

DEBIAN-CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References1
nvd
nvd
added 2026/05/22 4:16 p.m.18 views

CVE-2022-31231

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

7.5CVSS0.00346EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/22 12:0 a.m.11 views

Dell ECS 访问控制错误漏洞

Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.5 and 3.6 of Dell ECS contain access control vulnerability issues. This vulnerability stems from improper access control in the identity and access management module, which may allow remote...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References1
ossf
ossf
added 2026/05/20 6:16 a.m.11 views

Malicious code in @sec-loans-ui/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da55a9be9d9f90abe00e16200ea17aa78f58643e40d872d04276453dfd8a88f9 Package is a hollow lure: index.js is a 35-byte stub module.exports = , description and author are empty, and the version is bumped to 99.9.1 — the...

5.9AI score
Exploits0References2
redhatcve
redhatcve
added 2026/05/18 2:52 p.m.15 views

CVE-2026-42295

A flaw was found in Argo Workflows, an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The workflow executor logs all artifact repository credentials, such as S3 Simple Storage Service access keys, GCS Google Cloud Storage service account keys, Azure...

8.5CVSS5.6AI score0.00357EPSS
Exploits1References5
veracode
veracode
added 2026/05/16 5:33 a.m.19 views

Secret Key Exposure

Pyroscope is vulnerable to Secret Key Exposure. The vulnerability is due to improper exposure of Tencent COS storage backend configuration values through the Pyroscope API, allowing attackers with API access to retrieve the secretkey used for cloud storage authentication...

9.1CVSS5.8AI score0.00406EPSS
Exploits0References7Affected Software1
vulnrichment
vulnrichment
added 2026/05/14 7:37 p.m.9 views

CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

7.2CVSS6.2AI score0.0039EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/05/14 12:0 a.m.12 views

Amazon SageMaker Python SDK 安全漏洞

Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v2.257.2 and v3.8.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...

7.2CVSS6AI score0.0039EPSS
Exploits0References2
Rows per page
Query Builder