1857 matches found
WordPress S3 Video <=0.983 - Cross-Site Scripting
WordPress S3 Video and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...
CVE-2026-46413
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...
CVE-2026-55873
SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...
EUVD-2026-42286
SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...
CVE-2026-55874
SeaweedFS's S3 API gateway is affected prior to version 4.34 by a path traversal issue in the X-Amz-Copy-Source header (dot-dot segments) that can enable an authenticated user scoped to one bucket to read objects from other buckets via server-side copy. The issue is documented across CVE-2026-558...
CVE-2026-42147 Coolify: SSRF via S3 Storage Endpoint in testConnection()
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection sends a server-side request to the configured endpoint, allowing an authenticated user with storage...
CVE-2026-50185 vulnerabilities
Vulnerabilities for packages: deno, mountpoint-s3, apollo-router, yazi, komodo, pixi...
GHSA-3RJW-M598-PQ24 vulnerabilities
Vulnerabilities for packages: deno, mountpoint-s3, apollo-router, yazi, komodo, pixi...
CVE-2026-50185 vulnerabilities
Vulnerabilities for packages: yazi, mountpoint-s3, pixi, deno...
GHSA-3RJW-M598-PQ24 vulnerabilities
Vulnerabilities for packages: yazi, mountpoint-s3, pixi, deno...
[SECURITY] Fedora 43 Update: rclone-1.74.3-1.fc43
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...
PT-2026-53930
Name of the Vulnerable Software and Affected Versions SeaweedFS versions prior to 4.34 Description A path traversal issue exists in the S3 gateway DeleteMultipleObjectsHandler. Authenticated S3 principals with write access to one bucket can delete arbitrary objects in buckets belonging to other...
Malicious code in yastatic-s3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6abc47a32b453ee0a12ea33e7512ccdea60ed1868839e952cbeedaccd002a06 Package name mimics Yandex's yastatic static-asset namespace. On install, postinstall.js performs an unconditional plain-HTTP GET to a hardcoded...
MAL-2026-6586 Malicious code in yastatic-s3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6abc47a32b453ee0a12ea33e7512ccdea60ed1868839e952cbeedaccd002a06 Package name mimics Yandex's yastatic static-asset namespace. On install, postinstall.js performs an unconditional plain-HTTP GET to a hardcoded...
CVE-2026-50137
Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id app... and an S3-source datasource id ds... can call this endpoint with no auth and obtain a 15-minute pre-signed PUT URL minted on the victim's IAM identity. The endpoin...
CVE-2026-50136 Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials
Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...
GHSA-XV9W-7V6Q-HPJH fluent-plugin-s3 Vulnerable to Denial of Service (DoS) via Decompression Bomb in `in_s3`
The fluent-plugin-s3 plugin specifically the ins3 input plugin supports reading and decompressing heavily compressed files such as gzip, lzma2, and lzop from Amazon S3. It was discovered that the plugin read the entire decompressed payload into memory at once without enforcing a strict size limit...
CVE-2026-54917
SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...
Missing Authorization
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Missing Authorization in the process that retrieves S3 signature images. An attacker can access temporary signed S3 URLs for signature images by knowing the filename, allowi...
CVE-2026-48520
CVE-2026-48520 (Langflow) : Multiple sources confirm a vulnerability in the Shareable Playground/Public Flows feature prior to Langflow 1.10.0. An unauthenticated user can trigger public flow execution and supply a files list to the /api/v1/build_public_tmp endpoint, causing Langflow to read arbi...