CVE-2026-41647 Incus: Nil-Pointer Dereference via S3 Bucket Import

Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0...

CVE-2026-4269 Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit

A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before...

CVE-2022-23509

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...

CVE-2025-14762

A flaw was found in the AWS SDK for Ruby, an open-source client-side encryption library. A user with write access to an S3 Simple Storage Service bucket can exploit a missing cryptographic key commitment. This allows the introduction of a new Encrypted Data Key EDK that decrypts to different...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to cause decryption to unintended plaintext by...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to cause decryption to unintended plaintext by...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to cause decryption to unintended plaintext by...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

AWS SDK for C++ 安全漏洞

AWS SDK for C++ is an open source developer toolkit for C++ by Amazon Web Services A security vulnerability exists in AWS SDK for C++ that stems from a lack of cryptographic key commitment, which could lead to a user with write access to an S3 storage bucket introducing a new EDK that decrypts a...

AWS VDP: Responsible disclosure - public S3 bucket exposing JSON/config files

A publicly listable S3 bucket was discovered, exposing various JSON and configuration files. The bucket listing and file metadata were retrievable without authentication...

EUVD-2020-9460

Malware in sbrugna...

EUVD-2021-13693

Malware in sbrugna...

EUVD-2023-58282

Malicious code in bioql PyPI...

EUVD-2024-17207

Malicious code in bioql PyPI...

EUVD-2023-0577

Malicious code in bioql PyPI...

EUVD-2025-19634

Malicious code in bioql PyPI...

EUVD-2025-6981

Malicious code in bioql PyPI...

EUVD-2025-13305

Malicious code in bioql PyPI...

EUVD-2024-17416

Malicious code in bioql PyPI...

EUVD-2021-27702

Malicious code in bioql PyPI...