An open project to list all known cloud vulnerabilities and CSP security issues
A publicly exposed GitHub token in CodeQL workflow artifacts could allow attackers to execute malicious code in repositories using CodeQL, potentially leading to source code exfiltration, secrets c...
Wed, Mar 26th, 2025
Azure Key Vault enforces a separation between the Control Plane (management) and Data Plane (secrets access). However, a flaw in this isolation allows unauthorized users to enumerate secrets and ke...
Wed, Feb 26th, 2025
Azure iPaaS services, such as Logic Apps, separate the Control Plane (management) from the Data Plane (execution), but a flaw in this model enabled undetectable data harvesting. An attacker with Az...
Unit 42 researchers identified vulnerabilities in Azure Data Factory's integration with Apache Airflow. These vulnerabilities include misconfigured Kubernetes Role-Based Access Control (RBAC), ...
Mon, Dec 16th, 2024
A vulnerability in GCP's Vertex AI service allows privilege escalation and unauthorized access to sensitive LLM models. Attackers can exfiltrate these models by exploiting misconfigurations in acce...
Tue, Nov 12th, 2024
A technique called "repo swatting" allows attackers to delete GitHub and block GitLab accounts by exploiting file upload features and abuse reporting mechanisms. Attackers upload malicious files to...
Fri, Nov 1st, 2024