Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cloud-platforms Clear
ID Title
CVE-2026-14471 SQL Injection in Amazon aws (CVE-2026-14471)
SQL injection in Amazon aws (CVE-2026-14471). Confidential information can be exposed externally.
CVE-2026-14265 Unsafe Deserialization in Amazon aws (CVE-2026-14265)
vulnerability in Amazon aws (CVE-2026-14265). Successful exploitation can lead to full system takeover.
CVE-2026-13760 OS Command Injection in Amazon aws (CVE-2026-13760)
OS command injection in Amazon aws (CVE-2026-13760). Successful exploitation can lead to full system takeover.
CVE-2026-12957 Vulnerability in Amazon aws (CVE-2026-12957)
vulnerability in Amazon aws (CVE-2026-12957). Successful exploitation can lead to full system takeover.
CVE-2026-12530 Vulnerability in Amazon bedrock-agentcore (CVE-2026-12530)
vulnerability in Amazon bedrock-agentcore (CVE-2026-12530). Confidential information can be exposed externally. Mitigation: upgrade to `1.6.1` or later.
CVE-2026-12043 Vulnerability in Amazon aws (CVE-2026-12043)
vulnerability in Amazon aws (CVE-2026-12043). Successful exploitation can lead to full system takeover.
CVE-2026-11400 CVE-2026-11400 and CVE-2026-11401
Bulletin ID: 2026-039-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/025/2026 12:15 PM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2026-11400(JDBC) and CVE-2026-11401(Go), an issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS Advanced JDBC Wrapper >=3.0.0 and < 4.0.1 - AWS Advanced Go Wrapper release 2026-04-06 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
CVE-2026-11401 AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
CVE-2026-10591 Vulnerability in Amazon aws (CVE-2026-10591)
vulnerability in Amazon aws (CVE-2026-10591). Successful exploitation can lead to full system takeover.
CVE-2026-9255 Vulnerability in Amazon aws (CVE-2026-9255)
vulnerability in Amazon aws (CVE-2026-9255). Successful exploitation can lead to full system takeover.
CVE-2026-9133 Vulnerability in Amazon aws (CVE-2026-9133)
vulnerability in Amazon aws (CVE-2026-9133). Confidential information can be exposed externally. Exploitable via `PUT /api/aws/arn/validate`.
CVE-2026-8768 SSRF (Server-Side Request Forgery) in vercel (CVE-2026-8768)
SSRF in vercel (CVE-2026-8768). Risk of unauthorized operations or information disclosure.
CVE-2026-8686 Out-of-Bounds Read in Amazon aws (CVE-2026-8686)
vulnerability in Amazon aws (CVE-2026-8686). Risk of unauthorized operations or information disclosure.
CVE-2026-46359 phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
CVE-2026-46508 Command Injection in vercel (CVE-2026-46508)
command injection in vercel (CVE-2026-46508). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.9.14000` or later.
CVE-2026-8596 Vulnerability in Amazon sagemaker (CVE-2026-8596)
vulnerability in Amazon sagemaker (CVE-2026-8596). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
CVE-2026-46300 Out-of-Bounds Write in Amazon aws (CVE-2026-46300)
out-of-bounds write in Amazon aws (CVE-2026-46300). Successful exploitation can lead to full system takeover.
CVE-2026-45109 Vulnerability in next (CVE-2026-45109)
vulnerability in next (CVE-2026-45109). Confidential information can be exposed externally. Exploitable via ``middleware.ts``. Mitigation: upgrade to `16.2.6` or later.
CVE-2026-44579 Vulnerability in next (CVE-2026-44579)
vulnerability in next (CVE-2026-44579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44578 SSRF (Server-Side Request Forgery) in next (CVE-2026-44578)
SSRF in next (CVE-2026-44578). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44575 Vulnerability in next (CVE-2026-44575)
vulnerability in next (CVE-2026-44575). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44574 Vulnerability in next (CVE-2026-44574)
vulnerability in next (CVE-2026-44574). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44573 Authorization Flaw in next (CVE-2026-44573)
vulnerability in next (CVE-2026-44573). Confidential information can be exposed externally. Exploitable via ``i18n``. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-5747 Vulnerability in Amazon aws (CVE-2026-5747)
vulnerability in Amazon aws (CVE-2026-5747). Successful exploitation can lead to full system takeover.
CVE-2026-4269 Vulnerability in Amazon aws (CVE-2026-4269)
vulnerability in Amazon aws (CVE-2026-4269). Successful exploitation can lead to full system takeover.
CVE-2026-3336 Vulnerability in Amazon aws (CVE-2026-3336)
vulnerability in Amazon aws (CVE-2026-3336). Data can be tampered with by attackers.
CVE-2026-8178 Vulnerability in com.amazon.redshift:redshift-jdbc42 (CVE-2026-8178)
vulnerability in com.amazon.redshift:redshift-jdbc42 (CVE-2026-8178). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.2.2` or later.
CVE-2026-31431 KEV [KEV] Vulnerability in Linux redhat (CVE-2026-31431)
vulnerability in Linux redhat (CVE-2026-31431). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-34197 KEV [KEV] Vulnerability in Apache activemq (CVE-2026-34197)
vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2015-8315 Vulnerability in dos (CVE-2015-8315)
vulnerability in dos (CVE-2015-8315). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →