CVE-2026-27826

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

EUVD-2019-2220

Malware in sbrugna...

EUVD-2015-6797

Malware in sbrugna...

EUVD-2021-7539

Malicious code in bioql PyPI...

CVE-2024-28056

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...

CVE-2021-20077

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token...

Do We Really Need The OWASP NHI Top 10?

The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity NHI Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used...

Error: could not get determine if bucket supports versioning: Access Denied

Challenge Veeam Kasten for Kubernetes is unable to monitor or refresh the retention period of the data in the S3 bucket and cannot calculate the lock duration based on your retention setting because of this issue. This will show up as an error message in the notification bar: error: can't connect...

CVE-2024-28056

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...

Tenable Nessus Agent 7.2.0 - 8.2.2 Multiple Vulnerabilities (TNS-2021-04)

Tenable Nessus Agent is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessusagent";...

CVE-2021-20077

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token...

Code injection

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token...

CVE-2021-20077

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token...

CVE-2021-20077

CVE-2021-20077 affects Tenable Nessus Agent versions 7.2.0–8.2.2 installed on Amazon EC2. During initial linking, the agent could inadvertently capture the IAM role security token on the local host, enabling a privileged attacker to obtain the token. The commonly cited remediation is upgrading to...

Tenable Nessus Agent < 8.2.3 Multiple Vulnerabilities (TNS-2021-04)

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. Additionally, one third-part...

[R1] Nessus Agent 8.2.3 Fixes Multiple Vulnerabilities

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. Additionally, one third-part...

How to Create IAM Role for Veeam Backup for AWS using Access Keys

How to create the required IAM role using Add IAM Role wizard and Access Keys...

How to Deploy FLR Relay Proxy

Deprecated Feature The FLR Relay Proxy feature described in this article was deprecated in Veeam Backup for AWS 7. In deployments where the feature was enabled before upgrading to Veeam Backup for AWS 7, the FLR Relay tab will still appear in the options. However, for Veeam Backup for AWS 7...

How to Create Custom Worker Instance IAM Role

The Worker IAM role is used to launch worker instances for backup and restore using S3 repository...

Unauthorized Access

github.com/openshift/cluster-kube-apiserver-operator allows unauthorized access. Users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master...