Lucene search
K

14931 matches found

Vulnrichment
Vulnrichment
added 2026/04/20 7:20 p.m.6 views

CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...

5.7CVSS5.7AI score0.00096EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/20 7:20 p.m.30 views

CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...

5.7CVSS0.00096EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/20 10:59 a.m.5 views

CVE-2026-6437

A flaw was found in the AWS EFS CSI Driver. Remote authenticated users with PersistentVolume creation permissions can exploit an improper neutralization of argument delimiters by injecting commas into volume handling arguments. This allows for the injection of arbitrary mount options, which could...

6.9CVSS5.8AI score0.00424EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

Amazon AWS Encryption SDK 安全漏洞

Amazon AWS Encryption SDK is a development toolkit used by Amazon, Inc., for encryption purposes. Versions of the AWS Encryption SDK prior to 3.3.1 and 4.0.5 contained security vulnerabilities. These vulnerabilities were due to issues with the encryption algorithm, which could allow authenticated...

5.7CVSS5.8AI score0.00096EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/18 1:7 a.m.13 views

Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields

Summary The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. An issue exists where, under certain circumstances, unsanitized values in the volumeHandle and mounttargetip fields are passed directly to the mount command...

6.9CVSS5.8AI score0.00424EPSS
Exploits0References6Affected Software1
Schneier on Security
Schneier on Security
added 2026/04/17 11:2 a.m.12 views

Mythos and Cybersecurity

Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations--Microsoft, Appl...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/04/17 1:17 a.m.5 views

GHSA-FMQP-4WFC-W3V7 vulnerabilities

Vulnerabilities for packages: kyverno-notation-aws, kyverno-notation-aws-fips...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.5 views

PT-2026-33485

Name of the Vulnerable Software and Affected Versions AWS EFS CSI Driver versions prior to v3.0.1 Description Improper neutralization of argument delimiters in the volume handling component allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount...

6.9CVSS5.9AI score0.00424EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

Amazon EFS CSI Driver 安全漏洞

The Amazon EFS CSI Driver is an open-source component developed by the Kubernetes SIGs, used for mounting AWS File Storage in Kubernetes clusters. Previous versions of the Amazon EFS CSI Driver, such as 3.0.1, contained security vulnerabilities. These vulnerabilities stemmed from improper paramet...

6.9CVSS5.9AI score0.00424EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/16 12:29 a.m.7 views

aws-credential-process (=0.20.0), aws-session-daemon (>=0.1.0 <=0.6.0) +2 more potentially affected by CVE-2026-40947 via yubikey-manager (>=5.0.0 <=5.1.1)

yubikey-manager PYPI version =5.0.0, =0.1.0, =1.0.0, =1.6.6 Source cves: CVE-2026-40947 Source advisory: SNYK:PYTHON-YUBIKEYMANAGER-16325204...

2.9CVSS5.8AI score0.00131EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.16 views

Node.js Module axios < 1.15.0 Multiple Vulnerabilities

The version of the axios Node.js module installed on the remote host is prior to 1.15.0. It is, therefore, affected by multiple vulnerabilities: - Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot...

9.9CVSS6.1AI score0.01815EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.3 views

Amazon Athena ODBC Driver < 2.0.5.1 Command Injection (Linux)

The version of Amazon Athena ODBC Driver installed on the remote Linux host is prior to 2.0.5.1. It is, therefore, affected by a vulnerability: - OS command injection in the browser-based authentication component might allow a threat actor to execute arbitrary code by using specially crafted...

7.8CVSS6.2AI score0.00727EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.15 views

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-056 (ALASFIREFOX-2026-056)

The version of firefox installed on the remote host is prior to 140.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-056 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network...

10CVSS6.3AI score0.01052EPSS
Exploits1References80
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.11 views

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3241 (ALAS-2026-3241)

The version of thunderbird installed on the remote host is prior to 140.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3241 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphic...

10CVSS7.3AI score0.01052EPSS
Exploits1References84
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.10 views

Amazon Linux 2 : libpng, --advisory ALAS2-2026-3244 (ALAS-2026-3244)

The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3244 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image...

7.5CVSS6.4AI score0.01052EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.25 views

Amazon Linux 2 : tigervnc, --advisory ALAS2-2026-3231 (ALAS-2026-3231)

The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3231 advisory. In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an...

9.8CVSS5.9AI score0.00247EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.5 views

Amazon Linux 2 : perl-XML-Parser, --advisory ALAS2-2026-3230 (ALAS-2026-3230)

The version of perl-XML-Parser installed on the remote host is prior to 2.41-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3230 advisory. XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption...

9.8CVSS6.1AI score0.00604EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.17 views

Amazon Linux 2 : freerdp, --advisory ALAS2-2026-3239 (ALAS-2026-3239)

The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3239 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occu...

9.8CVSS6.1AI score0.00323EPSS
Exploits6References16
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.35 views

Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-011 (ALASNGINX1-2026-011)

The version of nginx installed on the remote host is prior to 1.28.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NGINX1-2026-011 advisory. When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause...

8.8CVSS7.9AI score0.21621EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.24 views

Amazon Linux 2 : openssl11, --advisory ALAS2-2026-3249 (ALAS-2026-3249)

The version of openssl11 installed on the remote host is prior to 1.1.1zg-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3249 advisory. Potential use-after-free in DANE client code CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL NOTE:...

8.1CVSS5.9AI score0.00885EPSS
Exploits0References10
Rows per page
Query Builder