Lucene search
K

1126 matches found

Chainguard
Chainguard
added 15 hours ago3 views

GHSA-HFRJ-R4V7-3997 vulnerabilities

Vulnerabilities for packages: linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.9AI score
Exploits0
Chainguard
Chainguard
added 15 hours ago3 views

GHSA-5R3H-V82J-R7RR vulnerabilities

Vulnerabilities for packages: linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.9AI score
Exploits0
Chainguard
Chainguard
added 15 hours ago3 views

GHSA-WFX4-V2WF-4GMP vulnerabilities

Vulnerabilities for packages: linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.9AI score
Exploits0
Chainguard
Chainguard
added 15 hours ago3 views

GHSA-F3Q5-7M6P-4QXQ vulnerabilities

Vulnerabilities for packages: linux-aws, linux-qemu, linux-gcp, linux-vmware...

5.9AI score
Exploits0
Chainguard
Chainguard
added 15 hours ago3 views

GHSA-3886-873F-6XPF vulnerabilities

Vulnerabilities for packages: linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.9AI score
Exploits0
NVD
NVD
added 2 days ago9 views

CVE-2026-49297

Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...

8.1CVSS0.00602EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-49297

Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...

8.1CVSS6.1AI score0.00602EPSS
Exploits1References3
Fedora
Fedora
added 6 days ago8 views

[SECURITY] Fedora 43 Update: rclone-1.74.3-1.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00513EPSS
Exploits1
Fedora
Fedora
added 6 days ago8 views

[SECURITY] Fedora 44 Update: rclone-1.74.3-1.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00513EPSS
Exploits1
OSV
OSV
added 2026/06/30 11:39 p.m.2 views

BIT-GHOST-2026-53948 Ghost: File Upload Content-Type Spoofing

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage backends. On...

5.4CVSS5.5AI score0.00133EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 a.m.6 views

CVE-2026-13316

A flaw has been found in foreman when HTTP parameters are modified in httpproxiescontroller and httpproxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component...

4.4CVSS0.00105EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 9:53 a.m.6 views

EUVD-2026-40281

A flaw has been found in foreman when HTTP parameters are modified in httpproxiescontroller and httpproxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component...

4.4CVSS5.7AI score0.00105EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 9:53 a.m.12 views

CVE-2026-13316

Foreman (HTTP proxies: http_proxies_controller, http_proxy) is affected by a flaw that allows SSRF, enabling access to cloud metadata services in AWS/GCP/Azure environments via modified HTTP parameters. Root cause involves unvalidated/test_url parameters in Foreman’s configuration paths. Impact i...

4.4CVSS5.7AI score0.00105EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/30 9:52 a.m.7 views

CVE-2026-13316

A flaw has been found in foreman when HTTP parameters are modified in httpproxiescontroller and httpproxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component. Mitigation Mitigation for this issue is either not availab...

4.4CVSS5.6AI score0.00105EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

SUSE SLES12 Security Update : google-cloud-sap-agent (SUSE-SU-2026:2683-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2683-1 advisory. - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604. Tenable has extracted the preceding description block directly from the SUS...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

SUSE SLES15 Security Update : google-cloud-sap-agent (SUSE-SU-2026:2682-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2682-1 advisory. - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604. Tenable has extracted the preceding description block directly from the SUS...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 1:29 p.m.2 views

SUSE-SU-2026:2683-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issues: - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 1:29 p.m.2 views

SUSE-SU-2026:2682-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issues: - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 6:12 a.m.7 views

MAL-2026-6582 Malicious code in openai-agents-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e4548469fa226a98c951c174e9fcd08b92b9329c96ddb98f5c930c0f6224b5e On npm install, scripts/postinstall.js reads installer-side identity and cloud-context data from the host and uploads it via HTTPS POST to a hardcode...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 6:12 a.m.6 views

Malicious code in openai-agents-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e4548469fa226a98c951c174e9fcd08b92b9329c96ddb98f5c930c0f6224b5e On npm install, scripts/postinstall.js reads installer-side identity and cloud-context data from the host and uploads it via HTTPS POST to a hardcode...

6AI score
Exploits0References2
Rows per page
Query Builder