Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-14904 |
|
Vulnerability in Amazon aws (CVE-2026-14904)
vulnerability in Amazon aws (CVE-2026-14904). Confidential information can be exposed externally.
|
| CVE-2026-14471 |
|
SQL Injection in Amazon aws (CVE-2026-14471)
SQL injection in Amazon aws (CVE-2026-14471). Confidential information can be exposed externally.
|
| CVE-2026-14265 |
|
Unsafe Deserialization in Amazon aws (CVE-2026-14265)
vulnerability in Amazon aws (CVE-2026-14265). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13760 |
|
OS Command Injection in Amazon aws (CVE-2026-13760)
OS command injection in Amazon aws (CVE-2026-13760). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13769 |
|
Vulnerability in Amazon aws (CVE-2026-13769)
vulnerability in Amazon aws (CVE-2026-13769). Confidential information can be exposed externally.
|
| CVE-2026-13762 |
|
Vulnerability in Amazon aws (CVE-2026-13762)
vulnerability in Amazon aws (CVE-2026-13762). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12957 |
|
Vulnerability in Amazon aws (CVE-2026-12957)
vulnerability in Amazon aws (CVE-2026-12957). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50195 |
|
Vulnerability in Amazon github.com/containerd/containerd/v2 (CVE-2026-50195)
vulnerability in Amazon github.com/containerd/containerd/v2 (CVE-2026-50195). Successful exploitation can lead to full system takeover. Exploitable via ``IfNotPresent``. Mitigation: upgrade to `2.3.2` or later.
|
| CVE-2026-12530 |
|
Vulnerability in Amazon bedrock-agentcore (CVE-2026-12530)
vulnerability in Amazon bedrock-agentcore (CVE-2026-12530). Confidential information can be exposed externally. Mitigation: upgrade to `1.6.1` or later.
|
| CVE-2026-11931 |
|
Vulnerability in Amazon aws (CVE-2026-11931)
vulnerability in Amazon aws (CVE-2026-11931). Confidential information can be exposed externally.
|
| CVE-2026-12043 |
|
Vulnerability in Amazon aws (CVE-2026-12043)
vulnerability in Amazon aws (CVE-2026-12043). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10740 |
|
Vulnerability in Amazon aws (CVE-2026-10740)
vulnerability in Amazon aws (CVE-2026-10740). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11393 |
|
Code Injection in Amazon aws (CVE-2026-11393)
code injection in Amazon aws (CVE-2026-11393). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11400 |
|
CVE-2026-11400 and CVE-2026-11401
Bulletin ID: 2026-039-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/025/2026 12:15 PM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2026-11400(JDBC) and CVE-2026-11401(Go), an issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS Advanced JDBC Wrapper >=3.0.0 and < 4.0.1 - AWS Advanced Go Wrapper release 2026-04-06 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
|
| CVE-2026-11401 |
|
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
|
| CVE-2026-10584 |
|
Vulnerability in Amazon aws (CVE-2026-10584)
vulnerability in Amazon aws (CVE-2026-10584). Confidential information can be exposed externally.
|
| CVE-2026-10591 |
|
Vulnerability in Amazon aws (CVE-2026-10591)
vulnerability in Amazon aws (CVE-2026-10591). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9291 |
|
Unsafe Deserialization in amazon-braket-sdk (CVE-2026-9291)
vulnerability in amazon-braket-sdk (CVE-2026-9291). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.117.0` or later.
|
| CVE-2026-9255 |
|
Vulnerability in Amazon aws (CVE-2026-9255)
vulnerability in Amazon aws (CVE-2026-9255). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9133 |
|
Vulnerability in Amazon aws (CVE-2026-9133)
vulnerability in Amazon aws (CVE-2026-9133). Confidential information can be exposed externally. Exploitable via `PUT /api/aws/arn/validate`.
|
| CVE-2026-8838 |
|
Code Injection in Amazon redshift-connector (CVE-2026-8838)
code injection in Amazon redshift-connector (CVE-2026-8838). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.14` or later.
|
| CVE-2026-8769 |
|
Vulnerability in @ai-sdk/provider-utils (CVE-2026-8769)
vulnerability in @ai-sdk/provider-utils (CVE-2026-8769). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8768 |
|
SSRF (Server-Side Request Forgery) in vercel (CVE-2026-8768)
SSRF in vercel (CVE-2026-8768). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8767 |
|
Command Injection in vercel (CVE-2026-8767)
command injection in vercel (CVE-2026-8767). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8686 |
|
Out-of-Bounds Read in Amazon aws (CVE-2026-8686)
vulnerability in Amazon aws (CVE-2026-8686). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46359 |
|
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
|
| CVE-2026-46508 |
|
Command Injection in vercel (CVE-2026-46508)
command injection in vercel (CVE-2026-46508). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.9.14000` or later.
|
| CVE-2026-45773 |
|
Cross-Site Request Forgery (CSRF) in turbo (CVE-2026-45773)
vulnerability in turbo (CVE-2026-45773). Data can be tampered with by attackers. Exploitable via ``turbo``. Mitigation: upgrade to `2.9.14` or later.
|
| CVE-2026-45772 |
|
Vulnerability in turbo (CVE-2026-45772)
vulnerability in turbo (CVE-2026-45772). Successful exploitation can lead to full system takeover. Exploitable via ``yarnPath``. Mitigation: upgrade to `2.9.14` or later.
|
| CVE-2026-8596 |
|
Vulnerability in Amazon sagemaker (CVE-2026-8596)
vulnerability in Amazon sagemaker (CVE-2026-8596). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
|
| CVE-2026-46300 |
|
Out-of-Bounds Write in Amazon aws (CVE-2026-46300)
out-of-bounds write in Amazon aws (CVE-2026-46300). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44479 |
|
Information Disclosure in vercel (CVE-2026-44479)
vulnerability in vercel (CVE-2026-44479). Confidential information can be exposed externally. Exploitable via ``VERCEL_TOKEN``. Mitigation: upgrade to `52.0.1` or later.
|
| CVE-2026-45109 |
|
Vulnerability in next (CVE-2026-45109)
vulnerability in next (CVE-2026-45109). Confidential information can be exposed externally. Exploitable via ``middleware.ts``. Mitigation: upgrade to `16.2.6` or later.
|
| CVE-2026-44572 |
|
Vulnerability in next (CVE-2026-44572)
vulnerability in next (CVE-2026-44572). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44581 |
|
Cross-Site Scripting (XSS) in next (CVE-2026-44581)
cross-site scripting in next (CVE-2026-44581). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44582 |
|
Vulnerability in next (CVE-2026-44582)
vulnerability in next (CVE-2026-44582). Risk of unauthorized operations or information disclosure. Exploitable via ``_rsc``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44580 |
|
Cross-Site Scripting (XSS) in next (CVE-2026-44580)
cross-site scripting in next (CVE-2026-44580). Risk of unauthorized operations or information disclosure. Exploitable via ``beforeInteractive``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44579 |
|
Vulnerability in next (CVE-2026-44579)
vulnerability in next (CVE-2026-44579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44577 |
|
Vulnerability in next (CVE-2026-44577)
vulnerability in next (CVE-2026-44577). Risk of unauthorized operations or information disclosure. Exploitable via ``images.localPatterns``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44578 |
|
SSRF (Server-Side Request Forgery) in next (CVE-2026-44578)
SSRF in next (CVE-2026-44578). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44576 |
|
Vulnerability in next (CVE-2026-44576)
vulnerability in next (CVE-2026-44576). Risk of unauthorized operations or information disclosure. Exploitable via ``RSC``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44575 |
|
Vulnerability in next (CVE-2026-44575)
vulnerability in next (CVE-2026-44575). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44574 |
|
Vulnerability in next (CVE-2026-44574)
vulnerability in next (CVE-2026-44574). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44573 |
|
Authorization Flaw in next (CVE-2026-44573)
vulnerability in next (CVE-2026-44573). Confidential information can be exposed externally. Exploitable via ``i18n``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-7461 |
|
Vulnerability in Amazon aws (CVE-2026-7461)
vulnerability in Amazon aws (CVE-2026-7461). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-8904 |
|
Vulnerability in Amazon aws (CVE-2025-8904)
vulnerability in Amazon aws (CVE-2025-8904). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-9039 |
|
Vulnerability in Amazon aws (CVE-2025-9039)
vulnerability in Amazon aws (CVE-2025-9039). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5747 |
|
Vulnerability in Amazon aws (CVE-2026-5747)
vulnerability in Amazon aws (CVE-2026-5747). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6031 |
|
Vulnerability in Amazon aws (CVE-2025-6031)
vulnerability in Amazon aws (CVE-2025-6031). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7191 |
|
Vulnerability in Amazon aws (CVE-2026-7191)
vulnerability in Amazon aws (CVE-2026-7191). Risk of unauthorized operations or information disclosure.
|