1126 matches found
GHSA-HFRJ-R4V7-3997 vulnerabilities
Vulnerabilities for packages: linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
GHSA-5R3H-V82J-R7RR vulnerabilities
Vulnerabilities for packages: linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
GHSA-WFX4-V2WF-4GMP vulnerabilities
Vulnerabilities for packages: linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
GHSA-F3Q5-7M6P-4QXQ vulnerabilities
Vulnerabilities for packages: linux-aws, linux-qemu, linux-gcp, linux-vmware...
GHSA-3886-873F-6XPF vulnerabilities
Vulnerabilities for packages: linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
CVE-2026-49297
Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...
CVE-2026-49297
Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...
[SECURITY] Fedora 43 Update: rclone-1.74.3-1.fc43
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...
[SECURITY] Fedora 44 Update: rclone-1.74.3-1.fc44
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...
BIT-GHOST-2026-53948 Ghost: File Upload Content-Type Spoofing
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage backends. On...
CVE-2026-13316
A flaw has been found in foreman when HTTP parameters are modified in httpproxiescontroller and httpproxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component...
EUVD-2026-40281
A flaw has been found in foreman when HTTP parameters are modified in httpproxiescontroller and httpproxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component...
CVE-2026-13316
Foreman (HTTP proxies: http_proxies_controller, http_proxy) is affected by a flaw that allows SSRF, enabling access to cloud metadata services in AWS/GCP/Azure environments via modified HTTP parameters. Root cause involves unvalidated/test_url parameters in Foreman’s configuration paths. Impact i...
CVE-2026-13316
A flaw has been found in foreman when HTTP parameters are modified in httpproxiescontroller and httpproxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component. Mitigation Mitigation for this issue is either not availab...
SUSE SLES12 Security Update : google-cloud-sap-agent (SUSE-SU-2026:2683-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2683-1 advisory. - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604. Tenable has extracted the preceding description block directly from the SUS...
SUSE SLES15 Security Update : google-cloud-sap-agent (SUSE-SU-2026:2682-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2682-1 advisory. - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604. Tenable has extracted the preceding description block directly from the SUS...
SUSE-SU-2026:2683-1 Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issues: - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604...
SUSE-SU-2026:2682-1 Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issues: - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604...
MAL-2026-6582 Malicious code in openai-agents-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e4548469fa226a98c951c174e9fcd08b92b9329c96ddb98f5c930c0f6224b5e On npm install, scripts/postinstall.js reads installer-side identity and cloud-context data from the host and uploads it via HTTPS POST to a hardcode...
Malicious code in openai-agents-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e4548469fa226a98c951c174e9fcd08b92b9329c96ddb98f5c930c0f6224b5e On npm install, scripts/postinstall.js reads installer-side identity and cloud-context data from the host and uploads it via HTTPS POST to a hardcode...