Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-14265 |
|
Unsafe Deserialization in Amazon aws (CVE-2026-14265)
vulnerability in Amazon aws (CVE-2026-14265). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12530 |
|
Vulnerability in Amazon bedrock-agentcore (CVE-2026-12530)
vulnerability in Amazon bedrock-agentcore (CVE-2026-12530). Confidential information can be exposed externally. Mitigation: upgrade to `1.6.1` or later.
|
| CVE-2026-12043 |
|
Vulnerability in Amazon aws (CVE-2026-12043)
vulnerability in Amazon aws (CVE-2026-12043). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11393 |
|
Code Injection in Amazon aws (CVE-2026-11393)
code injection in Amazon aws (CVE-2026-11393). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11400 |
|
CVE-2026-11400 and CVE-2026-11401
Bulletin ID: 2026-039-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/025/2026 12:15 PM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2026-11400(JDBC) and CVE-2026-11401(Go), an issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS Advanced JDBC Wrapper >=3.0.0 and < 4.0.1 - AWS Advanced Go Wrapper release 2026-04-06 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
|
| CVE-2026-11401 |
|
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
|
| CVE-2026-8838 |
|
Code Injection in Amazon redshift-connector (CVE-2026-8838)
code injection in Amazon redshift-connector (CVE-2026-8838). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.14` or later.
|
| CVE-2026-8596 |
|
Vulnerability in Amazon sagemaker (CVE-2026-8596)
vulnerability in Amazon sagemaker (CVE-2026-8596). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
|
| CVE-2026-44313 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
|
| CVE-2026-42193 |
|
Vulnerability in aws (CVE-2026-42193)
vulnerability in aws (CVE-2026-42193). Data can be tampered with by attackers.
|
| CVE-2026-41512 |
|
Code Injection in gem (CVE-2026-41512)
code injection in gem (CVE-2026-41512). Successful exploitation can lead to full system takeover. Exploitable via `POST /targets/auto_detect_selectors`.
|