566 matches found
CVE-2026-42335
MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch chat/api/oss/geturl endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...
PT-2026-43396
Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.8.1 Description An issue exists in the OSS file service URL fetch endpoint "chat/api/oss/get url" where inconsistent URL parsing between the urlparse validation function and the requests HTTP client allows for a...
Improper Integrity Verification
Amazon SageMaker Python SDK is vulnerable to improper integrity verification. The vulnerability is due to missing integrity verification in the Triton inference handler, which allows an authenticated attacker with S3 write access to replace model artifacts with a specially crafted pickle payload...
GHSA-RQ6V-X3J8-7QGF Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler
Summary Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the Triton inference handler deserializes model artifacts without performing integrity verification, allowing...
Security Bulletin: IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage path with a special query (CVE-2026-6938)
Summary IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage path with a special query Vulnerability Details CVEID:CVE-2026-6938 DESCRIPTION: IBM Db2 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query...
PT-2026-42246
A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path such as an encode...
Budibase: Unrestricted Upload of File with Dangerous Type
Summary The file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions html, svg, js, php, etc. are conditionally wrapped inside if isPublicUser or if isPublicUser || !env.SELFHOSTED, meaning an...
CVE-2026-31229
The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...
EUVD-2026-29104
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
CVE-2026-33359
Meari IoT Cloud uses Alibaba OSS for alert image storage; motion snapshots can be retrieved without authentication, signed URLs, or expiry enforcement. This affects motion alert images exposed as direct object references, with URLs remaining valid beyond expected windows. Root cause is lack of ac...
CVE-2026-33359
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
CVE-2026-33359 Meari unauthenticated alert image access in cloud object storage
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
Unstructured Data Backup from Google Cloud Storage fails with a Bad Request error
Challenge An Unstructured Data Backup of data from Google Cloud Storage added to Veeam Backup & Replication as an S3-Compatible Object Storage data source fails with the following error: Failed to perform object backup Error: Agent: Failed to process method NasMaster.ExecuteBackupProcessor: Faile...
PT-2026-37613
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The ceph zero partial object function lacks the proper snapshot context for its OSD write operations. This deficiency can result in data inconsistencies within snapshots. Recommendations...
Virtuozzo Infrastructure 7.3 Hotfix 2 (7.3.0-185)
This update provides stability fixes. Vulnerability id: VSTOR-128568 Backend initialization could fail when more than one project used the name 'admin'. Vulnerability id: VSTOR-129614 The Backup Gateway service could crash when removing an empty file. Vulnerability id: VSTOR-130137 Collecting a...
Argo vulnerable to exposure of artifact repository credentials
Summary The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...
CVE-2026-42810
Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...
BIT-GRAFANA-PYROSCOPE-2025-41118 Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
CVE-2025-41118
A flaw was found in Pyroscope. When Tencent Cloud Object Storage COS is configured as the storage backend, an attacker with access to the Pyroscope API can extract the secretkey value in plaintext. This issue leads to sensitive information disclosure. Mitigation To mitigate this vulnerability,...
EUVD-2025-209489
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...