Lucene search
K

15 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-55418

FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...

8.6CVSS6AI score
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/09 3:48 a.m.12 views

EUVD-2026-28893

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

8.5CVSS5.7AI score0.00357EPSS
Exploits1References2
OSV
OSV
added 2026/03/03 4:44 p.m.3 views

GHSA-WJ3P-5H3X-C74Q Rancher Backup Operator pod's logs leak S3 tokens

Impact A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs. Specifically, the S3 accessKey and secretKey are exposed in the pod's logs under the following logging lev...

6.8CVSS5.8AI score0.0034EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/03 4:44 p.m.7 views

Rancher Backup Operator pod's logs leak S3 tokens

Impact A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs. Specifically, the S3 accessKey and secretKey are exposed in the pod's logs under the following logging lev...

6.8CVSS5.8AI score0.0034EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-25594

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00188EPSS
Exploits0References2
NVD
NVD
added 2025/08/22 4:15 p.m.4 views

CVE-2025-50733

NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...

6.1CVSS0.00188EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.4 views

PT-2025-34377 · Nextchat · Nextchat

Name of the Vulnerable Software and Affected Versions: NextChat affected versions not specified Description: NextChat contains a cross-site scripting XSS issue in the HTMLPreview component of artifacts.tsx. This allows attackers to execute arbitrary JavaScript code when HTML content is rendered i...

6.1CVSS6AI score0.00188EPSS
Exploits0References5
CVE
CVE
added 2025/08/22 12:0 a.m.16 views

CVE-2025-50733

NextChat has an XSS vulnerability in the HTMLPreview component (artifacts.tsx). User-influenced HTML from AI responses is rendered in an iframe with allow-scripts without proper sanitization, enabling injection of JavaScript. Impact stated includes exfiltration of sensitive data (e.g., API keys i...

6.1CVSS5.8AI score0.00188EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2024/11/01 4:44 a.m.106 views

Exploit for CVE-2024-48217

CVE-2024-48217 Sismart Vulnerability ---------------------------...

8.8CVSS9.9AI score0.0068EPSS
Exploits1
OSV
OSV
added 2023/12/22 9:15 p.m.1 views

UBUNTU-CVE-2023-51651

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...

6CVSS6AI score0.00376EPSS
Exploits0References4
MSRC
MSRC
added 2023/04/11 7:0 a.m.20 views

Azure Storage Keys、Azure Functions、Azure Role Based Access に関するベスト プラクティス

本ブログは、Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access の抄訳版です。最新の情報は原文を参照してください。 概要 概...

6.8AI score
Exploits0
MSRC
MSRC
added 2023/04/11 7:0 a.m.23 views

Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access

Summary Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar wi...

6.7AI score
Exploits0
MSRC
MSRC
added 2023/04/11 7:0 a.m.9 views

Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access

Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with vario...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2022/08/07 12:0 a.m.16 views

Overwriting storage slots in MIMOProxy

Lines of code Vulnerability details Impact The MIMOProxy allows you to delegate a call to another contract from a permission of owner. With a delegate call, the entire storage layout is kept the same as it is on MIMOProxy. It means that if the delegate call will be made for smart contract with...

6.7AI score
Exploits0
CNVD
CNVD
added 2017/02/10 12:0 a.m.5 views

IBM Tivoli Key Lifecycle Manager Security Bypass Vulnerability

IBM Security Key Lifecycle Manager formerly known as Tivoli Key Lifecycle Manager is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. A security bypass vulnerability exist...

8.1CVSS6.6AI score0.01031EPSS
Exploits0References1
Rows per page
Query Builder