Lucene search
K

137 matches found

OSV
OSV
added 2026/06/19 2:46 p.m.8 views

GHSA-6RFW-MQ36-JM8H Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Summary The AWS Bedrock AgentCore Python SDK bedrock-agentcore is an open-source SDK that enables developers to build, deploy, and manage agents on AWS Bedrock AgentCore. An issue exists in the installpackages method of the Code Interpreter client where crafted package name arguments can bypass...

8.4CVSS6.3AI score0.00302EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/19 2:46 p.m.6 views

Arbitrary Argument Injection

Overview bedrock-agentcore is an An SDK for using Bedrock AgentCore Affected versions of this package are vulnerable to Arbitrary Argument Injection via the installpackages function. An attacker can execute arbitrary commands within the sandboxed environment or redirect package resolution to a...

8.4CVSS6AI score0.00302EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 2:46 p.m.11 views

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Summary The AWS Bedrock AgentCore Python SDK bedrock-agentcore is an open-source SDK that enables developers to build, deploy, and manage agents on AWS Bedrock AgentCore. An issue exists in the installpackages method of the Code Interpreter client where crafted package name arguments can bypass...

8.4CVSS6.3AI score0.00302EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/17 10:16 p.m.21 views

CVE-2026-12530

Improper neutralization of argument delimiters in the installpackages method in AWS Bedrock AgentCore Python SDK versions = 1.1.3 and 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate thi...

8.4CVSS0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 9:5 p.m.22 views

CVE-2026-12530 Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Improper neutralization of argument delimiters in the installpackages method in AWS Bedrock AgentCore Python SDK versions = 1.1.3 and 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate thi...

8.4CVSS0.00302EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50549

Name of the Vulnerable Software and Affected Versions AWS Bedrock AgentCore Python SDK versions 1.1.3 through 1.6.0 Description Improper neutralization of argument delimiters in the install packages method of the Code Interpreter client allows a remote authenticated user to execute arbitrary...

8.4CVSS6.3AI score0.00302EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.8 views

CVE-2026-8421

Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the installpackage method of concrete/controllers/singlepage/dashboard/extend/install.php. An attacker who can cause an authenticated administrator to visit a crafted page, and who has placed or caused a package to be present under...

8.8CVSS5.9AI score0.00171EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/21 9:30 p.m.2 views

Cross-site Request Forgery (CSRF)

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the /dashboard/extend/update/prepareremoteupgrade/ process. An attacker can execute arbitrary code as the web server user by tricking an authenticat...

8.8CVSS6AI score0.00171EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:25 p.m.8 views

CVE-2026-8421

Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the installpackage method of concrete/controllers/singlepage/dashboard/extend/install.php. An attacker who can cause an authenticated administrator to visit a crafted page, and who has placed or caused a package to be present under...

7.5CVSS6.1AI score0.00171EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/21 8:25 p.m.36 views

CVE-2026-8421 Concrete CMS 9.5.0 and below is vulnerable to CSRF on install_package() with conditional token bypass leading to RCE

Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the installpackage method of concrete/controllers/singlepage/dashboard/extend/install.php. An attacker who can cause an authenticated administrator to visit a crafted page, and who has placed or caused a package to be present under...

7.5CVSS0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 8:25 p.m.27 views

CVE-2026-8421

Concrete CMS 9.5.0 and earlier versions include a CSRF vulnerability in the install_package() handler (concrete/controllers/single_page/dashboard/extend/install.php). An attacker who can induce an authenticated administrator to visit a crafted page and has placed or caused a package under DIR_PAC...

8.8CVSS6.1AI score0.00171EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/21 8:22 p.m.10 views

EUVD-2026-31337

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepareremoteupgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade method to...

7.5CVSS6.5AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 8:22 p.m.25 views

CVE-2026-8426

Concrete CMS 9.5.0 and earlier fails to validate a CSRF token for requests to /dashboard/extend/update/prepare_remote_upgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and trigger the upgrade() method in a single b...

8.8CVSS6.5AI score0.00171EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:20 p.m.8 views

CVE-2026-8140

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/. The download method in concrete/controllers/singlepage/dashboard/extend/install.php checks only the canInstallPackages permission before fetching a remote marketplace...

7.5CVSS5.9AI score0.00118EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.15 views

PT-2026-42548

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare remote upgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade method to...

7.5CVSS6.5AI score0.00171EPSS
Exploits0References2
CVE
CVE
added 2025/12/02 4:54 p.m.12 views

CVE-2025-13828

Mautic platform; a flaw in the composer-based update/Marketplace flow allows a non-privileged user to install and remove arbitrary composer packages despite the enable-composer-based-update flag. Root cause: improper privilege management in the Marketplace integration enabling privilege escalatio...

9CVSS6.9AI score0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.7 views

Mautic 安全漏洞

Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic that stems from the ability of a non-privileged user to install and remove arbitrary...

9CVSS7AI score0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4082

Malicious code in bioql PyPI...

8.8CVSS7AI score0.0228EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-41118

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.0086EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.2 views

Fedora: Security Advisory (FEDORA-2024-d9c2873431)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.6CVSS6.6AI score0.00217EPSS
Exploits0References3
Rows per page
Query Builder