An open project to list all known cloud vulnerabilities and CSP security issues
A critical vulnerability discovered in Microsoft's Entra ID (formerly Azure AD) allowed for cross-tenant access and potential global admin privilege escalation. The flaw was found in the legacy Azu...
Wed, Sep 17th, 2025
Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access to other customer's code repositories and data. By preparing a maliciously crafted package.json file, an at...
Thu, Aug 21st, 2025
A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host. This information disclosure issue, if exploited, could allow another instance in the same securi...
Thu, Aug 14th, 2025
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack ...
Thu, May 22nd, 2025
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers wer...
Mon, May 19th, 2025
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have b...
Sat, May 10th, 2025