Lucene search
+L

53 matches found

Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-53536 Activepieces: Cross-tenant file download via missing JWT audience check on step-files signed URL

Activepieces is an open source AI workflow automation platform. Prior to 0.83.0, the /v1/step-files/signed download endpoint verified the supplied JWT against the shared signing secret but did not check the token's audience, and combined with a missing null-check on the decoded fileId, this allow...

5.3CVSS0.00184EPSS
Exploits0References4
OSV
OSV
added 2 days ago3 views

CVE-2026-53536 Activepieces: Cross-tenant file download via missing JWT audience check on step-files signed URL

Activepieces is an open source AI workflow automation platform. Prior to 0.83.0, the /v1/step-files/signed download endpoint verified the supplied JWT against the shared signing secret but did not check the token's audience, and combined with a missing null-check on the decoded fileId, this allow...

5.3CVSS6.1AI score0.00184EPSS
Exploits0References6
CVE
CVE
added 2 days ago9 views

CVE-2026-53536

Activepieces (open source AI workflow automation) exposed a cross-tenant file exposure vulnerability prior to version 0.83.0. The /v1/step-files/signed download endpoint validated the JWT against the shared signing secret but did not check the token’s audience and, due to a missing null-check on ...

5.3CVSS6.1AI score0.00184EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:17 p.m.11 views

CVE-2026-58426

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6CVSS0.00177EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:54 p.m.19 views

CVE-2026-58426

The CVE-2026-58426 affects Gitea, specifically the Actions Artifacts V4 signed URL mechanism, where an HMAC ambiguity enables cross-repository artifact read and cross-task upload-state write. The vulnerability stems from how signed URLs are validated, allowing unauthorized access across repositor...

9.6CVSS5.9AI score0.00177EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:54 p.m.4 views

CVE-2026-58426 Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6CVSS5.9AI score0.00177EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

GNCC GP5 安全漏洞

GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability stems from the practice of storing the pre-signed Backblaze B2 upload URL as plain text in the serial console. This could allow physically...

7.1CVSS5.4AI score0.00093EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/01 10:26 p.m.4 views

Directory Traversal

Overview @payloadcms/storage-gcs is a Payload storage adapter for Google Cloud Storage Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape th...

7.1CVSS6.5AI score0.00341EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 9:44 p.m.3 views

EUVD-2026-18019

Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints...

6.5CVSS5.9AI score0.00341EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 9:44 p.m.3 views

GHSA-FRQ9-7J6G-V74X Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

Impact The client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location. Consumers are affected if ALL of these are true: - Payload version v3.78.0 - Using client-upload signed-URL...

6.5CVSS5.8AI score0.00341EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/01 9:44 p.m.13 views

Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

Impact The client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location. Consumers are affected if ALL of these are true: - Payload version v3.78.0 - Using client-upload signed-URL...

6.5CVSS5.8AI score0.00341EPSS
Exploits0References3Affected Software4
NVD
NVD
added 2026/04/01 8:16 p.m.6 views

CVE-2026-34750

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...

6.5CVSS0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 7:51 p.m.3 views

CVE-2026-34750 Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...

6.5CVSS5.8AI score0.00341EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 7:51 p.m.23 views

CVE-2026-34750 Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...

6.5CVSS0.00341EPSS
Exploits0References1
OSV
OSV
added 2026/04/01 7:51 p.m.4 views

CVE-2026-34750 Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...

6.5CVSS5.9AI score0.00341EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 10:22 p.m.5 views

Improper Encoding or Escaping of Output

Overview AWSSDK.CloudFront is an Amazon CloudFront is a content delivery web service. It integrates with other Amazon Web Services products to give developers and businesses an easy way to distribute content to end users with low latency, high data transfer speeds, and no minimum usage commitment...

9.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/27 10:22 p.m.7 views

Improper Encoding or Escaping of Output

Overview AWSSDK.Extensions.CloudFront.Signers is a package contains extension methods for creating signed URLs for Amazon CloudFront distributions and for creating signed cookies for Amazon CloudFront distributions using canned or custom policies. Affected versions of this package are vulnerable ...

9.3CVSS5.9AI score
Exploits0References2
CVE
CVE
added 2026/01/28 10:43 a.m.13 views

CVE-2025-41351

The CVE-2025-41351 entry concerns Funambol v30.0.0.20 cloud server vulnerability where the thumbnail display URL exposes weaknesses that permit a Padding Oracle Attack to decrypt and encrypt parameters used to generate ‘self-signed’ access URLs. Affected component/process appears to be the thumbn...

6CVSS5.9AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.12 views

CVE-2020-7599

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...

6.5CVSS6.8AI score0.00481EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/20 6:23 p.m.6 views

CVE-2025-62647

The Restaurant Brands International RBI assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path...

5.8CVSS7AI score0.00351EPSS
Exploits1References1
Rows per page
Query Builder