
91 matches found

OSV
added 2025/09/22 4:15 p.m. | 2 views

CVE-2025-57682

Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...

6.5 CVSS | 6.9 AI score | 0.00478 EPSS
Exploits: 1 | References: 3
Cvelist
added 2025/09/22 12:0 a.m. | 6 views

CVE-2025-57682

Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...

0.00478 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2025/09/22 12:0 a.m. | 3 views

PT-2025-38726

Name of the Vulnerable Software and Affected Versions: Papermark versions prior to 0.20.0. Description: An issue exists in Papermark that allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution. This is possible via the 'POST...

6.5 CVSS | 6.6 AI score | 0.00478 EPSS
Exploits: 1 | References: 5
RedhatCVE
added 2025/05/22 5:2 p.m. | 4 views

CVE-2020-36363

Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers...

9.8 CVSS | 6.9 AI score | 0.00284 EPSS
Exploits: 0
Atlassian
added 2024/09/27 12:21 a.m. | 19 views

Allow HTTP Strict Transport Security (HSTS) to be configured in Bamboo 10

Issue Summary: This is reproducible on Data Center. Up until Bamboo 9.6, HTTP Strict Transport Security (https://tools.ietf.org/html/rfc6797) was configurable in Bamboo by following the steps outlined in this KB article: How do I enable HSTS and other HTTP Security Headers in Bamboo Data...

7.2 AI score
Exploits: 0
OSV
added 2024/06/25 1:51 p.m. | 7 views

MAL-2024-6986 Malicious code in logstash_codec-cloudfront (RubyGems)

7.1 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/06/25 1:51 p.m. | 4 views

Malicious code in logstash_codec-cloudfront (RubyGems)

7 AI score
Exploits: 0 | References: 1
Openbugbounty
added 2024/01/24 9:26 a.m. | 11 views

di5qs4dv32t01.cloudfront.net Cross Site Scripting vulnerability OBB-3842431

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Hacker One
added 2023/11/24 10:36 a.m. | 61 views

Internet Bug Bounty: Misconfiguration in AWS CloudFront CDN configuration makes rubygems.org serve (and cache) content from an unclaimed S3-bucket

A misconfiguration in the AWS CloudFront CDN configuration for rubygems.org caused content to be served from an unclaimed S3 bucket. This could have enabled an attacker to serve malicious content and affect availability. Artifactory instances were observed accessing files, presenting a potential...

7 AI score
Exploits: 0
Openbugbounty
added 2023/09/29 12:33 p.m. | 15 views

d3era4f9t2zcfk.cloudfront.net Cross Site Scripting vulnerability OBB-3712327

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0
Openbugbounty
added 2023/07/14 9:41 a.m. | 7 views

dbve060ocfe16.cloudfront.net Cross Site Scripting vulnerability OBB-3516025

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0
Wallarm Lab
added 2023/06/28 4:49 p.m. | 12 views

Maximizing Performance with Wallarm Filtering Nodes in Amazon’s Global Infrastructure

Introduction: In today's digital landscape, ensuring the security and performance of web applications is paramount. To achieve optimal protection against cyber threats, organizations deploy web application and API protection (WAAPs) like Wallarm. However, to truly leverage the benefits of Wallarm,...

6.9 AI score
Exploits: 0
Openbugbounty
added 2023/06/10 4:22 p.m. | 6 views

dbve060ocfe16.cloudfront.net Cross Site Scripting vulnerability OBB-3408088

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0
Openbugbounty
added 2023/05/02 3:14 p.m. | 6 views

dfcdths9j2gip.cloudfront.net Cross Site Scripting vulnerability OBB-3289239

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6 AI score
Exploits: 0
OSV
added 2023/04/03 7:18 p.m. | 13 views

GHSA-33PV-VCGH-JFG9 Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files

Impact: A memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a fi...

5.9 CVSS | 5 AI score | 0.013 EPSS
Exploits: 0 | References: 11
Openbugbounty
added 2022/11/06 6:13 p.m. | 9 views

dpr5ie4jiu1sc.cloudfront.net Cross Site Scripting vulnerability OBB-3040348

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Openbugbounty
added 2022/08/26 11:39 p.m. | 9 views

dbve060ocfe16.cloudfront.net Cross Site Scripting vulnerability OBB-2866875

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Openbugbounty
added 2022/06/24 6:50 p.m. | 19 views

d1n598x054kygy.cloudfront.net Cross Site Scripting vulnerability OBB-2675033

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Openbugbounty
added 2022/06/06 10:30 p.m. | 19 views

dpr5ie4jiu1sc.cloudfront.net Cross Site Scripting vulnerability OBB-2639418

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Openbugbounty
added 2022/04/26 2:26 p.m. | 10 views

d39pstlceyjgdg.cloudfront.net Cross Site Scripting vulnerability OBB-2559194

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0