Lucene search
K

1045 matches found

Github Security Blog
Github Security Blog
added 2026/03/17 8:34 p.m.7 views

Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit

Summary An issue has been identified in the Bedrock AgentCore Starter Toolkit versions prior to v0.1.13 that may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. Impact A remote actor could inject code during the build process,...

7.5CVSS6.2AI score0.00242EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/17 8:34 p.m.4 views

Generation of Predictable Numbers or Identifiers

Overview bedrock-agentcore-starter-toolkit is an A starter toolkit for using Bedrock AgentCore Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers in the S3 bucket ownership verification. An attacker can achieve code execution in the runtime...

8.3CVSS6.4AI score0.00242EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/17 8:34 p.m.5 views

EUVD-2026-12490

Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References4
OSV
OSV
added 2026/03/17 8:34 p.m.5 views

GHSA-XFHR-Q72Q-JCRJ Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit

Summary An issue has been identified in the Bedrock AgentCore Starter Toolkit versions prior to v0.1.13 that may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. Impact A remote actor could inject code during the build process,...

7.5CVSS6.2AI score0.00242EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/03/17 12:0 a.m.8 views

org.springframework.ai:spring-ai-starter-vector-store-mariadb (>=2.0.0-M1 <=2.0.0-M2) potentially affected by CVE-2026-22730 via org.springframework.ai:spring-ai-mariadb-store (>=2.0.0-M1 <=2.0.0-M2)

org.springframework.ai:spring-ai-mariadb-store MAVEN version =2.0.0-M1, =2.0.0-M1, =2.0.0-M2 Source cves: CVE-2026-22730 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-15679672...

8.8CVSS5.8AI score0.00522EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/17 12:0 a.m.11 views

ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6), ai.telosforge:kimaira-starter-agentic-factory (>=1.2.4 <=1.2.6) +169 more potentially affected by CVE-2026-22729 via org.springframework.ai:spring-ai-vector-store (>=1.1.0-M1 <=1.1.2)

org.springframework.ai:spring-ai-vector-store MAVEN version =1.1.0-M1, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =25.4.0, =1.21.2, =0.1.0, =0.3.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.1.2.3 and more Source cves: CVE-2026-22729 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-15679673...

8.6CVSS5.7AI score0.00521EPSS
Exploits0
NVD
NVD
added 2026/03/16 6:16 p.m.8 views

CVE-2026-4269

A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before...

7.5CVSS0.00242EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/16 6:3 p.m.3 views

CVE-2026-4269 Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit

A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before...

7.5CVSS6.3AI score0.00242EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/16 6:3 p.m.5 views

CVE-2026-4269

A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before...

7.5CVSS6.3AI score0.00242EPSS
Exploits0References3
CVE
CVE
added 2026/03/16 6:3 p.m.22 views

CVE-2026-4269

CVE-2026-4269 : The Bedrock AgentCore Starter Toolkit (pre-v0.1.13) suffers from missing S3 ownership verification during the build process, enabling a remote attacker to inject code and execute it in the AgentCore Runtime when a toolkit is built after 2025-09-24. Affected: users on pre-0.1.13 bu...

7.5CVSS6.3AI score0.00242EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.14 views

PT-2026-25792

Summary An issue has been identified in the Bedrock AgentCore Starter Toolkit versions prior to v0.1.13 that may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. Impact A remote actor could inject code during the build process,...

7.5CVSS6.4AI score0.00242EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

Bedrock AgentCore Starter Toolkit 安全漏洞

Bedrock AgentCore Starter Toolkit is an open-source AI development and deployment toolkit provided by Amazon Web Services. Versions of the tool before v0.1.13 contain security vulnerabilities. These vulnerabilities stem from a lack of S3 ownership verification, which allows remote attackers to...

7.5CVSS5.9AI score0.00242EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/12 8:32 p.m.8 views

@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2026-29066 via @tinacms/cli (>=0.60.28 <=1.12.6)

@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2026-29066 Source advisory: OSV:GHSA-M48G-4WR2-J2H6...

6.2CVSS5.8AI score0.01025EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/12 8:32 p.m.6 views

@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2026-28793 via @tinacms/cli (>=0.60.28 <=1.12.6)

@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2026-28793 Source advisory: OSV:GHSA-2F24-MG4X-534Q...

8.4CVSS5.8AI score0.00203EPSS
Exploits1
EUVD
EUVD
added 2026/03/04 3:31 a.m.5 views

EUVD-2026-9349

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the /ultp/v3/starterdummypost/ and /ultp/v3/starterimportcontent/ REST API endpoints. This makes it possible...

7.2CVSS6AI score0.00313EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/04 1:57 a.m.5 views

CVE-2025-48646

In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS6.1AI score0.00094EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/02 6:42 p.m.28 views

CVE-2025-48646

In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

0.00094EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/02 6:42 p.m.5 views

EUVD-2025-208220

In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS6.1AI score0.00094EPSS
Exploits0References1
OSV
OSV
added 2026/03/01 12:0 a.m.7 views

ASB-A-457742426

In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS6.1AI score0.00094EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/02/27 10:9 p.m.6 views

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +937 more potentially affected by CVE-2026-28208 via com.github.junrar:junrar (>=0.7 <=7.5.7)

com.github.junrar:junrar MAVEN version =0.7, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.4, =1.2.0, =1.3.1 and more Source cves: CVE-2026-28208 Source advisory: OSV:GHSA-J273-M5QQ-6825...

5.9CVSS5.7AI score0.12038EPSS
Exploits1
Rows per page
Query Builder