Lucene search
K

566 matches found

Snyk
Snyk
added 2026/04/15 8:22 p.m.4 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the configuration API when type protection is missing for sensitive fields. An attacker can obtain confidential credentials by sending requests directly to the API...

9.3CVSS5.4AI score0.00406EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 7:15 p.m.33 views

CVE-2025-41118

Pyroscope (open-source continuous profiling DB) is affected when configured to use Tencent COS as the storage backend. The issue allows extraction of the secret_key configuration value from the Pyroscope API due to missing type protection, potentially exposing sensitive credentials to an attacker...

9.1CVSS5.8AI score0.00406EPSS
Exploits0References5Affected Software1
Akamai Blog
Akamai Blog
added 2026/04/07 1:0 p.m.6 views

Scale Smarter: A Practical Guide to Building with Akamai Object Storage

Akamai Object Storage provides high-performance, cost-effective Amazon S3–compatible object storage. Here's what it's used for and how to set it up...

5.9AI score
Exploits0
OSV
OSV
added 2026/04/06 9:26 a.m.3 views

BIT-MINIO-2026-34204 MinIO is Vulnerable to SSE Metadata Injection via Replication Headers

MinIO is a high-performance object storage system. Prior to version 2026.03.26, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication- headers on a normal...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.5 views

PT-2026-29916

The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...

10CVSS6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.3 views

CVE-2026-34204

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.6 views

SUSE CVE-2026-27900

The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...

7.7CVSS6.1AI score0.00469EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/24 7:5 p.m.20 views

CVE-2026-33322 MinIO: JWT Algorithm Confusion in OIDC Authentication

MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and...

9.2CVSS0.0041EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26758

Name of the Vulnerable Software and Affected Versions MinIO versions prior to RELEASE.2026-03-17T21-25-16Z Description The MinIO AIStor Security Token Service STS AssumeRoleWithLDAPIdentity endpoint is susceptible to LDAP credential brute-forcing. This is due to a combination of distinguishable...

10CVSS5.8AI score0.03256EPSS
Exploits67References151
EUVD
EUVD
added 2026/03/09 8:50 p.m.6 views

EUVD-2026-10357

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA Progressive Web App ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...

9.6CVSS5.9AI score0.00267EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.6 views

PT-2026-24115

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.31.5 Description Budibase is a low code platform used for creating internal tools, workflows, and admin panels. A path traversal flaw exists in the PWA Progressive Web App ZIP processing endpoint, specifically at...

9.6CVSS5.9AI score0.00267EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2026/03/04 3:8 p.m.4 views

CVE-2025-62879 Rancher Backup Operator pod's logs leak S3 tokens

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs...

6.8CVSS5.8AI score0.0034EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.5 views

CVE-2026-27900

The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...

7.7CVSS5.5AI score0.00469EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/26 8:0 p.m.11 views

Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure

Impact The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, object storage data, and NodeBalancer TLS keys in debug logs without redaction. Important: Provider debug logging is not enabled by default. This issue is...

7.7CVSS5.6AI score0.00469EPSS
Exploits0References7Affected Software3
Snyk
Snyk
added 2026/02/26 3:13 a.m.5 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...

7.7CVSS5.9AI score0.00469EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.14 views

PT-2026-22075

Name of the Vulnerable Software and Affected Versions Terraform Provider for Linode versions prior to 3.9.0 Description The Terraform Provider for Linode logged sensitive information, including passwords, StackScript content, and object storage data, in debug logs without redaction. This issue is...

9.9CVSS5.8AI score0.22162EPSS
Exploits70References146
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20656

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A flaw in the Navigation feature in Google Chrome before version 147.0.7727.55 could allow a remote attacker who has compromised the renderer process to leak cross-origin data through a...

9.8CVSS5.9AI score0.00608EPSS
Exploits0References68
Tenable Nessus
Tenable Nessus
added 2026/02/16 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23136

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: reset sparse-read state in osdfault When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD...

7.5CVSS7.1AI score0.0028EPSS
Exploits0References3
OSV
OSV
added 2026/02/14 4:15 p.m.6 views

UBUNTU-CVE-2026-23136

In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osdfault When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a separate stat...

7.5CVSS5.7AI score0.0028EPSS
Exploits0References16
EUVD
EUVD
added 2026/02/14 3:22 p.m.6 views

EUVD-2026-5901

In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osdfault When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a separate stat...

5.2AI score0.0028EPSS
Exploits0References4
Rows per page
Query Builder