Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Google Cloud — Vulnerabilities & Security Advisories 31

Browse all 31 CVE security advisories affecting Google Cloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Google Cloud:LookerLooker StudioGoogle Cloud SecOps SOARBigQueryAgent Development Kit (ADK)Cloud BuildVertex AI WorkbenchVertex AI ExperimentsVertex AI SDK for PythonGemini Enterprise (formerly Agentspace)Dialogflow CX MessengerDialogflow CXCloud Data FusionApigee-XApigee hybrid Javacallout policyVertex AI: Partner Models for MaaSGoogle SecOps SOARDataformClassic Application Load BalancerApplication IntegrationMigrate to Containers
CVE IDTitleCVSSSeverityPublished
CVE-2026-3259 Sensitive Data Disclosure in BigQuery via Materialized View Error Messages — BigQueryCWE-209 4.3AIMediumAI2026-04-23
CVE-2026-4810 Remote Code Execution in Google Agent Development Kit (ADK) — Agent Development Kit (ADK)CWE-306 9.8 -2026-04-13
CVE-2026-3136 Google Cloud Build Comment Control Bypass — Cloud BuildCWE-863 9.8AICriticalAI2026-03-03
CVE-2026-2244 Sensitive Data Exposure in Google Cloud Vertex AI Workbench — Vertex AI WorkbenchCWE-200 7.5AIHighAI2026-02-26
CVE-2026-2473 Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft. — Vertex AI ExperimentsCWE-340 9.8AICriticalAI2026-02-20
CVE-2026-2472 Stored Cross-Site Scripting (XSS) in Vertex AI Python SDK Visualization — Vertex AI SDK for PythonCWE-79 6.1AIMediumAI2026-02-20
CVE-2026-1727 Information Disclosure via Bucket Squatting in Google Cloud Agentspace. — Gemini Enterprise (formerly Agentspace)CWE-200 7.5AIHighAI2026-02-06
CVE-2025-13427 Authentication Bypass in Dialogflow CX Messenger — Dialogflow CX MessengerCWE-287 9.1AICriticalAI2025-12-18
CVE-2025-12952 Privilege Escalation in Dialogflow CX via Webhook Admin Role — Dialogflow CXCWE-269 8.8AIHighAI2025-12-10
CVE-2025-9571 Arbitrary Code Execution in Google Cloud Data Fusion via Malicious Artifact Upload — Cloud Data FusionCWE-502 8.8AIHighAI2025-12-10
CVE-2025-13428 RCE in SecOps SOAR server via user-provided Python packages — Google Cloud SecOps SOARCWE-20 8.8AIHighAI2025-12-09
CVE-2025-13292 Improper access control in Google Cloud Apigee-X allows cross-tenant Analytics modification and log data access. — Apigee-XCWE-269 9.1 -2025-12-06
CVE-2025-13426 Improper Sandboxing in Google Apigee's JavaCallout Policy Allows for Remote Code Execution — Apigee hybrid Javacallout policyCWE-913 8.8 -2025-12-05
CVE-2025-12742 Remote Code Execution in Looker via Teradata JDBC Driver — LookerCWE-78 8.8AIHighAI2025-11-25
CVE-2025-12741 Arbitrary File Write in Denodo dialect of Looker allows Remote Code Execution — LookerCWE-20 8.8AIHighAI2025-11-24
CVE-2025-12740 Remote Command Execution in Looker via IBM DB2 JDBC drive — LookerCWE-20 8.8AIHighAI2025-11-24
CVE-2025-12739 Cross-Site Scripting (XSS) in Looker's Extension Loader leading to Admin Account Compromise — LookerCWE-79 7.6AIHighAI2025-11-24
CVE-2025-12414 Looker account compromise via punycode homograph attack — LookerCWE-290 7.4 -2025-11-20
CVE-2025-12743 SQL Injection in Looker Project Generation Endpoint Allows Access to Internal MySQL Database — LookerCWE-89 6.5AIMediumAI2025-11-19
CVE-2025-12472 Remote Code Execution in Looker due to Improperly Validated Directory Deletion — LookerCWE-362 7.5AIHighAI2025-11-19
CVE-2025-12405 Unauthorized access through stored credentials in Looker Studio — Looker StudioCWE-269 8.8 -2025-11-10
CVE-2025-12409 SQL Injection in Looker Studio — Looker StudioCWE-89 8.1 -2025-11-10
CVE-2025-12397 SQL Injection in Looker Studio — Looker StudioCWE-89 8.8 -2025-11-10
CVE-2025-12155 Command Injection in Looker — LookerCWE-77 8.8 -2025-11-10
CVE-2025-11915 HTTP Desynchronisation in Vertex AI for certain third-party models — Vertex AI: Partner Models for MaaSCWE-444 9.8AICriticalAI2025-10-22
CVE-2025-9918 Zip Slip in Google SecOps SOAR allows for Remote Code Execution — Google SecOps SOARCWE-22 8.8AIHighAI2025-09-11
CVE-2025-9118 Dataform Path Traversal — DataformCWE-22 9.1AICriticalAI2025-08-25
CVE-2025-4600 HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation — Classic Application Load BalancerCWE-444 7.5AIHighAI2025-05-16
CVE-2025-0982 Sandbox Escape in Google Cloud Application Integration's JavaScript Task (Rhino Engine) — Application IntegrationCWE-829 10.0 -2025-02-06
CVE-2024-9858 Insecure user permissions in Google Cloud Migrate to Containers for Windows — Migrate to ContainersCWE-276 6.7 -2024-10-16

This page lists every published CVE security advisory associated with Google Cloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.