12 matches found
CVE-2026-49193 Publicly Readable AWS S3 Telemetry Buckets
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
CVE-2026-42812 Apache Polaris: No protection on `write.metadata.path`
In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. `write.metadata.path` is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...
CVE-2025-36364
IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...
Linux Distros Unpatched Vulnerability : CVE-2021-39900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary...
Research on iOS apps shows widespread exposure of secrets
Researchers found that most of the apps available on Apple’s App Store leak at least one hard-coded secret. The researchers looked at 156,000 iOS apps and discovered more than 815,000 hardcoded secrets, including very sensitive secrets like keys to cloud storage, various Application Programming...
CVE-2024-51758 Exported files stored in default (`public`) filesystem if not reconfigured in filament
Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the `default_filesystem_disk` config option. This allows the user to easily swap their storage driver to something production-ready like s3 when deploying their...
PYSEC-2024-121
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...
The vulnerability of the web application of the 1C:Enterprise system, related to the storage and transmission of data in an open manner, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the 1C:Enterprise web application relates to the storage and transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
xdLocalStorage input validation error vulnerability (CNVD-2020-28469)
xdLocalStorage is a lightweight JavaScript library that supports cross-domain data storage. An input validation error vulnerability exists in xdLocalStorage, which stems from a function that does not perform any validation on the origin of a Web message. An attacker can exploit this vulnerabilit...
CVE-2019-11380
The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP access to the entirety of local storage...
CVE-2019-4218
IBM Security Information Queue ISIQ 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 159227...
Android Widevine Trusted Application Information Disclosure Vulnerability
Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA, and the Widevine Trusted Application is one of the components used to validate the Google DRM platform. A security vulnerability exists in Widevine Trusted Application in version 6.0.1 of...