CVE-2024-36355

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 sleep wake up, potentially resulting in arbitrary code execution...

PT-2026-7442

Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description A flaw exists in the System Management Mode SMM handler due to improper input validation. This could allow an attacker with Ring0 access to write to System Management RAM SMRAM and alter the execution flow...

AMD多款产品 安全漏洞

Both the AMD Ryzen and AMD EPYC are products of American semiconductor company AMD. The AMD Ryzen is a central processing unit CPU. The AMD EPYC is a high-performance server processor. Several AMD products have security vulnerabilities. These vulnerabilities stem from improper input validation,...

CLSA-2026-1770213436 Update of microcode_ctl

Update Intel CPU microcode to 20251111: - Addition of cpuid:806F8/0x10 SPR-HBM B3 microcode in microcode.dat at revision 0x2c000410; - Addition of cpuid:806F8/0x87 SPR-SP E5/S3 microcode in microcode.dat at revision 0x2b000650; - Addition of cpuid:90672/0x07 ADL-HX/S 8+8 C0 microcode in...

@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.8), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +997 more potentially affected by CVE-2026-25128 via fast-xml-parser (>=5.0.9 <=5.3.3)

fast-xml-parser NPM version =5.0.9, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.6.22 and more Source cves: CVE-2026-25128 Source advisory: OSV:GHSA-37QJ-FRW5-HHJH...

@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.8), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +997 more potentially affected by CVE-2026-25128 via fast-xml-parser (>=5.0.9 <=5.3.3)

fast-xml-parser NPM version =5.0.9, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.6.22 and more Source cves: CVE-2026-25128 Source advisory: SNYK:JS-FASTXMLPARSER-15155603...

CVE-2025-66488

Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/CDN domain, with no site credentials...

CVE-2025-66488

Discourse (open source platform) has a vulnerability affecting installations using S3 for uploads, present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. The issue allows script execution within the S3/CDN domain context when HTML/XML uploads are processed; no site credentials ar...

CVE-2025-66488

Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/CDN domain, with no site credentials...

SUSE CVE-2025-68671

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request e.g., through network interception, logs...

[SECURITY] Fedora 43 Update: rclone-1.72.1-1.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

Malicious Package

Overview client-s3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

MAL-2026-302 Malicious code in s3-cache-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2a516ba427a772d00c202a782f0c11f2217ddb8360626591dbbd72b68cc5a1b The package s3-cache-handler was found to contain malicious code...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001438)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001438 advisory. An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second or subsequent broadcast fragments even...

CVE-2025-68671 lakeFS is Missing Timestamp Validation in S3 Gateway Authentication

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request e.g., through network interception, logs...

CVE-2025-68671

lakeFS - S3 gateway vulnerability: missing timestamp validation in authenticated requests allows replay attacks. Attackers can reuse valid signed requests until credentials rotate; impact is limited to replay of previously captured requests. Affected: lakeFS S3 gateway; root cause is lack of time...

EUVD-2026-2725

lakeFS is Missing Timestamp Validation in S3 Gateway Authentication...

Juniper Networks Junos OS security vulnerabilities

Juniper Networks Junos OS is a network operating system specifically designed for hardware devices used by Juniper Networks. This operating system provides secure programming interfaces and the Junos SDK. Vulnerabilities exist in versions of Juniper Networks Junos OS prior to 22.4R3-S8, 23.2R2-S5...

org.sonatype.nexus.api.extdirect:nexus-api-extdirect-selfhosted (>=3.81.0-08 <=3.87.2-01), org.sonatype.nexus.api.rest:nexus-api-rest-common (>=3.81.0-08 <=3.87.2-01) +8 more potentially affected by CVE-2026-0600 via org.sonatype.nexus.plugins:nexus-blobstore-s3 (>=3.12.0-01 <=3.87.2-01)

org.sonatype.nexus.plugins:nexus-blobstore-s3 MAVEN version =3.12.0-01, =3.81.0-08, =3.81.0-08, =3.81.0-08, =3.60.0-02, =3.12.0-01, =3.12.0-01, =3.71.0-06, =3.37.0-01, =3.78.0-14, =3.83.0-08, =3.87.2-01 Source cves: CVE-2026-0600 Source advisory: SNYK:JAVA-ORGSONATYPENEXUSPLUGINS-14946105...

Amazon S3 Encryption Client for Java JAR Detection

Binary data s3encryptionclientjavadetect.nbin...