5 matches found
CVE-2026-44647
OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...
Missing Cryptographic Key Commitment
aws/aws-sdk-php is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper handling of encrypted data keys when stored in instruction files instead of S3 metadata, which allows an attacker with write access to the S3 bucket to introduce a malicious EDK that decryp...
[SECURITY] Fedora 42 Update: luksmeta-10-1.fc42
LUKSMeta is a command line utility for storing small portions of metadata in the LUKSv1 header for use before unlocking the volume...
U.S. Dept Of Defense: Publicly Accessible CDN Endpoint Exposing XML Metadata (including ETag)
A publicly accessible CDN endpoint was found that returned a raw XML listing of stored objects, including metadata such as Key, LastModified, Size, StorageClass, and ETag. The ETag values, which can contain object hashes, were exposed publicly. This configuration allowed reconnaissance of the...
All instances of storage metadata are corrupted
Challenge: A task in Veeam Backup & Replication fails with the error: All instances of storage metadata are corrupted. Cause: It's important first to understand what the "storage metadata" is. The storage metadata is akin to an MFT (master file table) for the Veeam Backup & Replication backup...