756 matches found
CVE-2026-42811
In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...
CVE-2026-36176
GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...
MoviePilot 路径遍历漏洞
MoviePilot is an automated film resource management tool developed by jxxghp. MoviePilot has a path traversal vulnerability, which stems from path traversal within the AliPan, U115, and Rclone cloud storage download processors. This vulnerability allows attackers to manipulate the file names...
Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months
Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black...
CVE-2026-49193
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
CVE-2026-49193 Publicly Readable AWS S3 Telemetry Buckets
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
EUVD-2026-34212
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
CVE-2026-49193
Technical details about CVE-2026-49193 are not publicly available in the provided documents; monitor for updates from official sources.
CVE-2026-49193
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
PT-2026-46151
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
GNCC GP5 安全漏洞
GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability stems from the practice of storing the pre-signed Backblaze B2 upload URL as plain text in the serial console. This could allow physically...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from overly permissive configuration settings of the cloud storage container. This vulnerability may lead to the unauthorized disclosure of activ...
DEBIAN-CVE-2026-49017
In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...
CVE-2022-31231
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...
Dell ECS 访问控制错误漏洞
Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.5 and 3.6 of Dell ECS contain access control vulnerability issues. This vulnerability stems from improper access control in the identity and access management module, which may allow remote...
Malicious code in @sec-loans-ui/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da55a9be9d9f90abe00e16200ea17aa78f58643e40d872d04276453dfd8a88f9 Package is a hollow lure: index.js is a 35-byte stub module.exports = , description and author are empty, and the version is bumped to 99.9.1 — the...
CVE-2026-42295
A flaw was found in Argo Workflows, an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The workflow executor logs all artifact repository credentials, such as S3 Simple Storage Service access keys, GCS Google Cloud Storage service account keys, Azure...
Secret Key Exposure
Pyroscope is vulnerable to Secret Key Exposure. The vulnerability is due to improper exposure of Tencent COS storage backend configuration values through the Pyroscope API, allowing attackers with API access to retrieve the secretkey used for cloud storage authentication...
CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...
Amazon SageMaker Python SDK 安全漏洞
Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v2.257.2 and v3.8.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...