Lucene search
K

12 matches found

Fedora
Fedora
added 2026/07/02 1:11 a.m.9 views

[SECURITY] Fedora 44 Update: rclone-1.74.3-1.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00533EPSS
Exploits1
NVD
NVD
added 2026/06/24 7:17 p.m.11 views

CVE-2026-53948

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage backends. On...

5.4CVSS0.00133EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 6:6 p.m.4 views

CVE-2026-53948 Ghost: File Upload Content-Type Spoofing

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage backends. On...

5.4CVSS5.7AI score0.00133EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 6:6 p.m.9 views

CVE-2026-53948

CVE-2026-53948 affects Ghost CMS (Node.js) due to insufficient validation of the client-supplied Content-Type on the Admin API file upload endpoint. Between 6.19.4 and 6.21.1, uploaded files could be served with an attacker-chosen content type on S3/GCS storage backends, and in installations serv...

5.4CVSS5.6AI score0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52072

Name of the Vulnerable Software and Affected Versions Ghost versions 6.19.4 through 6.21.0 Description Insufficient validation of the client-supplied Content-Type on the Admin API file upload endpoint allows uploaded files to be served with an attacker-chosen content type when using S3 or GCS...

5.4CVSS5.5AI score0.00133EPSS
Exploits0References5
CVE
CVE
added 2026/04/07 3:3 p.m.40 views

CVE-2026-35492

Kedro-Datasets PartitionedDataset has a path traversal vulnerability prior to 9.3.0, where partition IDs were concatenated with the dataset base path without validation, potentially allowing writing outside the dataset directory on local FS or storage backends (S3, GCS, etc.). The issue affects a...

6.5CVSS6AI score0.00427EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 3:3 p.m.2 views

CVE-2026-35492 Kedro-Datasets has a path traversal vulnerability in PartitionedDataset allows arbitrary file write

Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a...

6.5CVSS6.1AI score0.00427EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/01 7:51 p.m.3 views

CVE-2026-34750 Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...

6.5CVSS5.8AI score0.00341EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.5 views

SUSE CVE-2026-25674

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

4.8CVSS5.7AI score0.00341EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/03 2:28 p.m.6 views

CVE-2026-25674

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

3.7CVSS5.9AI score0.00341EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/02/03 8:29 p.m.28 views

CVE-2025-24961 Insecure path traversal in filesystem and filesystem-nio2 storage backends in org.gaul S3Proxy

org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been addressed in version 2.6.0. Users are advised to upgrade. There are no known workarounds for this...

6CVSS0.00528EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/25 12:0 a.m.4 views

Open edX Platform 安全漏洞

Open edX Platform is an open source course management system CMS from Open edX Open Source. The system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. A security vulnerability exists in Open edX Platform that stems from the fact that for certain...

5.3CVSS6.8AI score0.00331EPSS
Exploits0References3
Rows per page
Query Builder