Lucene search
K

721 matches found

Nuclei
Nuclei
added yesterday168 views

MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

8.7CVSS7AI score0.02421EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday252 views

MinIO Operator Console Authentication Bypass

MinIO Console is a graphical user interface for the for MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. id: CVE-2021-41266 info: name: MinIO Operator...

9.8CVSS7AI score0.46706EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday107 views

MinIO Browser API - Server-Side Request Forgery

MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability. id: CVE-2021-21287 info: name: MinIO Browser API - Server-Side Request Forgery author: pikpikcu severity: high description: MinIO Browser API before version...

7.7CVSS7AI score0.24784EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago121 views

MinIO Cluster Deployment - Information Disclosure

MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIOSECRETKEY and MINIOROOTPASSWORD. An attacker can potentially obtain sensitive...

7.5CVSS7.1AI score0.83957EPSS
Exploits13References5
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-15378

A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery SSRF by submitting a specially crafted XML Schema Definition XSD string. This can lead to unauthorized access to sensitive information, including...

9.3CVSS6.1AI score0.00424EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 9:16 p.m.13 views

CVE-2026-54352

Budibase is an open-source low-code platform. Prior to 3.39.9, POST /api/pwa/process-zip at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each entry listed in icons.json validates the icon path, open...

9.6CVSS0.00494EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 8:32 p.m.26 views

CVE-2026-54352 Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload

Budibase is an open-source low-code platform. Prior to 3.39.9, POST /api/pwa/process-zip at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each entry listed in icons.json validates the icon path, open...

9.6CVSS0.00494EPSS
Exploits1References1
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: prometheus-mongodb-exporter, coder-fips, kubernetes-dashboard, calico-fips, traefik, zarf-fips, argo-cd, argo-workflows-fips, reports-server, knative-serving-fips, aactl, mattermost-fips, rancher-agent, k9s, argo-workflows, spire-server, traefik-fips,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.10 views

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: flux, fscrypt, kubernetes-dashboard, k9s, argocd-image-updater, loki, mattermost, argo-cd, zarf, containerd, knative-serving, minio, trivy-operator, trivy, skaffold, flux-image-automation-controller, opentelemetry-collector, rancher, helm, cloud-provider-aws, kots,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.8 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: guac, glab, crossplane-provider-azure-storage, tflint, terraform-provider-tls, cluster-api-azure-controller, ko, step, opentelemetry-collector, pulumi-language-yaml, cloud-provider-aws, spire-server, kaf, mods, nfpm, ksops, go-discover, tekton-chains,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.10 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: flux, fscrypt, kubernetes-dashboard, k9s, argocd-image-updater, loki, mattermost, argo-cd, zarf, containerd, knative-serving, minio, trivy-operator, trivy, skaffold, flux-image-automation-controller, opentelemetry-collector, rancher, helm, cloud-provider-aws, kots,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.6 views

GHSA-JPPX-RXG9-JMRX vulnerabilities

Vulnerabilities for packages: flux, fscrypt, teleport, kubernetes-dashboard, loki, mattermost, argo-cd, containerd, knative-serving, minio, docker-cli-buildx, opentelemetry-collector, rancher, helm, cloud-provider-aws, kots, buildah, spire-server, kaf, prometheus-operator, kubernetes, cert-manage...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.9 views

GHSA-F5WC-C3C7-36MC vulnerabilities

Vulnerabilities for packages: guac, step, opentelemetry-collector, pulumi-language-yaml, cloud-provider-aws, spire-server, kaf, nfpm, go-discover, dagger, snyk-cli, istio, openbao, step-issuer, aactl, rancher, flux-source-controller, flux, mattermost, syft, trivy, skaffold, pulumi-language-java,...

6.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/22 11:33 p.m.12 views

Budibase has arbitrary file read by workspace-builder via PWA-zip symlink upload

Summary POST /api/pwa/process-zip at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each entry listed in icons.json validates the icon path, opens it, and streams the bytes into MinIO. The resulting...

9.6CVSS5.9AI score0.00494EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/18 1:59 p.m.8 views

ROOT-APP-GOBINARY-CVE-2026-40344 CVE-2026-40344 in rootio-github.com/minio/minio - Patched by Root

Root has patched CVE-2026-40344 in the rootio-github.com/minio/minio package for Root:Go. Multiple fixed versions available...

8.2CVSS5.8AI score0.00418EPSS
Exploits0
OSV
OSV
added 2026/06/18 1:59 p.m.6 views

ROOT-APP-GOBINARY-CVE-2026-41145 CVE-2026-41145 in rootio-github.com/minio/minio - Patched by Root

Root has patched CVE-2026-41145 in the rootio-github.com/minio/minio package for Root:Go. Multiple fixed versions available...

8.2CVSS5.8AI score0.00349EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.8 views

MinIO RELEASE.2022-07-24T01-54-52Z < RELEASE.2026-04-14T21-32-45Z Path Traversal (CVE-2026-42600)

The version of MinIO installed on the remote host is RELEASE.2022-07-24T01-54-52Z or later but prior to RELEASE.2026-04-14T21-32-45Z. It is, therefore, affected by a path traversal vulnerability: - A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a...

6.9CVSS5.4AI score0.08457EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

PenguinMod-BackendApi 输入验证错误漏洞

PenguinMod-BackendApi is a backend API service developed under the open source of PenguinMod, supporting storage using MongoDB and MinIO. Prior to version 1.0.0 of PenguinMod-BackendApi, there was a vulnerability related to input validation errors. This vulnerability stemmed from NoSQL injection ...

8.7CVSS5.3AI score0.00251EPSS
Exploits0References1
Wolfi
Wolfi
added 2026/06/09 1:48 p.m.12 views

GHSA-HV4R-MVR4-25VW vulnerabilities

Vulnerabilities for packages: minio...

5.4AI score
Exploits0
Wolfi
Wolfi
added 2026/06/09 1:48 p.m.10 views

GHSA-H749-FXX7-PWPG vulnerabilities

Vulnerabilities for packages: minio...

5.4AI score
Exploits0
Rows per page
Query Builder