46 matches found
GNCC GP5 安全漏洞
GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability stems from the practice of storing the pre-signed Backblaze B2 upload URL as plain text in the serial console. This could allow physically...
Directory Traversal
Overview @payloadcms/storage-gcs is a Payload storage adapter for Google Cloud Storage Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape th...
EUVD-2026-18019
Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints...
Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints
Impact The client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location. Consumers are affected if ALL of these are true: - Payload version v3.78.0 - Using client-upload signed-URL...
GHSA-FRQ9-7J6G-V74X Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints
Impact The client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location. Consumers are affected if ALL of these are true: - Payload version v3.78.0 - Using client-upload signed-URL...
CVE-2026-34750
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...
CVE-2026-34750 Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...
CVE-2026-34750 Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...
Improper Encoding or Escaping of Output
Overview AWSSDK.CloudFront is an Amazon CloudFront is a content delivery web service. It integrates with other Amazon Web Services products to give developers and businesses an easy way to distribute content to end users with low latency, high data transfer speeds, and no minimum usage commitment...
Improper Encoding or Escaping of Output
Overview AWSSDK.Extensions.CloudFront.Signers is a package contains extension methods for creating signed URLs for Amazon CloudFront distributions and for creating signed cookies for Amazon CloudFront distributions using canned or custom policies. Affected versions of this package are vulnerable ...
CVE-2025-41351
The CVE-2025-41351 entry concerns Funambol v30.0.0.20 cloud server vulnerability where the thumbnail display URL exposes weaknesses that permit a Padding Oracle Attack to decrypt and encrypt parameters used to generate ‘self-signed’ access URLs. Affected component/process appears to be the thumbn...
CVE-2020-7599
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
CVE-2025-62647
The Restaurant Brands International RBI assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path...
EUVD-2018-7658
Malware in sbrugna...
EUVD-2022-3634
Malicious code in bioql PyPI...
GitLab 12.10 < 13.3.9 / 13.4 < 13.4.5 / 13.5 < 13.5.2 (CVE-2020-13359)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and oth...
JetBrains TeamCity Authorization Issues Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity has an authorization issue...
The vulnerability of the application interface for WebDAV web applications used for syncing data with ownCloud allows a perpetrator to bypass authentication procedures and gain access to read, modify, or delete data.
The vulnerability of the WebDAV application interface for data synchronization with ownCloud is related to initialization errors caused by the lack of configuration of signature keys for pre-signed URL addresses. Exploiting this vulnerability allows an attacker to bypass authentication procedures...
ownCloud Security Breach
ownCloud is a personal cloud storage solution from US-based ownCloud, Inc. A security vulnerability exists in ownCloud core versions 10.6.0 through 10.13.0, which can be exploited to bypass WebDAV Api authentication using a pre-signed URL...
Exposure of Sensitive Information in Gradle publish plugin
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...