Lucene search
K

33949 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/04 4:37 p.m.6 views

CVE-2026-42811

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.7AI score0.00431EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 4:37 p.m.8 views

CVE-2026-42811 Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.7AI score0.00431EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 4:37 p.m.16 views

CVE-2026-42811

CVE-2026-42811 : Apache Polaris builds Google Cloud Storage downscoped credentials via a Credential Access Boundary (CAB) with CEL conditions intended to constrain to a table path. The CEL string uses the bucket and table path; if a namespace/table identifier contains special content (e.g., a sin...

9.9CVSS5.7AI score0.00431EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/04 4:37 p.m.31 views

CVE-2026-42811 Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS0.00431EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/05/04 1:17 p.m.12 views

GHSA-2274-3HGR-WXV6 vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-gcp, linux-vmware, linux-aws, linux-azure...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/05/04 12:0 p.m.10 views

Meet Wiz for M365: Bringing SaaS into the Security Graph

Secure Microsoft 365 and the cloud it powers — one platform, one graph, complete context...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/04 11:58 a.m.15 views

2026: The Year of AI-Assisted Attacks

On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young man shared his...

5.7AI score
Exploits0
OSV
OSV
added 2026/05/04 10:10 a.m.4 views

OPENSUSE-SU-2026:20669-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue: - CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty encryptedkey field but key wrapping algorithm set can lead to a denial of service bsc1262936...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 10:9 a.m.4 views

SUSE-SU-2026:21540-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue: - CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty encryptedkey field but key wrapping algorithm set can lead to a denial of service bsc1262936...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

yudao-cloud 授权问题漏洞

Yudao-Cloud is a backend management system developed by YunaiV’s individual developers. Versions of Yudao-Cloud 3.8.0 and earlier contained an authorization issue vulnerability. This vulnerability stemmed from the operation of the parameter mock-token in the JwtAuthenticationTokenFilter.java...

7.5CVSS7.1AI score0.00405EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

Apache Polaris 输入验证错误漏洞

Apache Polaris is a data management and query service component of the Apache Foundation. Version 1.4.0 of Apache Polaris contains a vulnerability related to input validation. This vulnerability arises from the lack of escaping of namespace or table identifiers when constructing Google Cloud...

9.9CVSS5.8AI score0.00431EPSS
Exploits0References1
NVD
NVD
added 2026/05/03 11:16 p.m.16 views

CVE-2026-7705

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...

6.5CVSS0.01158EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/03 11:15 p.m.6 views

CVE-2026-7710

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote...

7.5CVSS6.7AI score0.00405EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/03 11:15 p.m.5 views

EUVD-2026-26851

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote...

7.5CVSS6.7AI score0.00405EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/03 11:15 p.m.5 views

CVE-2026-7710 YunaiV yudao-cloud Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal improper authentication

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote...

7.5CVSS6.7AI score0.00405EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/03 11:15 p.m.46 views

CVE-2026-7710 YunaiV yudao-cloud Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal improper authentication

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote...

7.5CVSS0.00405EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/03 10:0 p.m.8 views

CVE-2026-7705

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/03 10:0 p.m.42 views

CVE-2026-7705 JD Cloud JDCOS Service jdcap set_iptv_info command injection

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...

6.5CVSS0.01158EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/03 10:0 p.m.4 views

CVE-2026-7705 JD Cloud JDCOS Service jdcap set_iptv_info command injection

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/03 4:10 p.m.5 views

Malicious code in google-cloud-secret-manager-config-poc (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...

5.7AI score
Exploits0References1
Rows per page
Query Builder