15 matches found
CVE-2026-55418
FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...
EUVD-2026-28893
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...
GHSA-WJ3P-5H3X-C74Q Rancher Backup Operator pod's logs leak S3 tokens
Impact A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs. Specifically, the S3 accessKey and secretKey are exposed in the pod's logs under the following logging lev...
Rancher Backup Operator pod's logs leak S3 tokens
Impact A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs. Specifically, the S3 accessKey and secretKey are exposed in the pod's logs under the following logging lev...
EUVD-2025-25594
Malicious code in bioql PyPI...
CVE-2025-50733
NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...
PT-2025-34377 · Nextchat · Nextchat
Name of the Vulnerable Software and Affected Versions: NextChat affected versions not specified Description: NextChat contains a cross-site scripting XSS issue in the HTMLPreview component of artifacts.tsx. This allows attackers to execute arbitrary JavaScript code when HTML content is rendered i...
CVE-2025-50733
NextChat has an XSS vulnerability in the HTMLPreview component (artifacts.tsx). User-influenced HTML from AI responses is rendered in an iframe with allow-scripts without proper sanitization, enabling injection of JavaScript. Impact stated includes exfiltration of sensitive data (e.g., API keys i...
Exploit for CVE-2024-48217
CVE-2024-48217 Sismart Vulnerability ---------------------------...
UBUNTU-CVE-2023-51651
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...
Azure Storage Keys、Azure Functions、Azure Role Based Access に関するベスト プラクティス
本ブログは、Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access の抄訳版です。最新の情報は原文を参照してください。 概要 概...
Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access
Summary Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar wi...
Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access
Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with vario...
Overwriting storage slots in MIMOProxy
Lines of code Vulnerability details Impact The MIMOProxy allows you to delegate a call to another contract from a permission of owner. With a delegate call, the entire storage layout is kept the same as it is on MIMOProxy. It means that if the delegate call will be made for smart contract with...
IBM Tivoli Key Lifecycle Manager Security Bypass Vulnerability
IBM Security Key Lifecycle Manager formerly known as Tivoli Key Lifecycle Manager is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. A security bypass vulnerability exist...