Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/05/11 8:25 p.m.9 views

CVE-2026-42339

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular...

7.1CVSS5.8AI score0.00258EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2026/03/23 11:55 a.m.6 views

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/17 4:39 p.m.9 views

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence AI code execution environments using domain name system DNS queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's...

9.8CVSS7.8AI score0.01534EPSS
Exploits2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-36561

Malicious code in bioql PyPI...

9.9CVSS8.9AI score0.01013EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/10 1:34 p.m.2 views

Malicious code in @amazon-bedrock-agents-healthcare-lifesciences/docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecf7f917126f8a71d26227e7f55cdabe99eed6831cb23345e4045192f6a36446 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
OSV
OSV
added 2025/09/10 1:34 p.m.3 views

MAL-2025-46999 Malicious code in @amazon-bedrock-agents-healthcare-lifesciences/docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecf7f917126f8a71d26227e7f55cdabe99eed6831cb23345e4045192f6a36446 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2024/12/10 12:0 a.m.14 views

Introducing Spring AI Amazon Bedrock Nova Integration via Converse API

The Amazon Bedrock Nova models represent a new generation of foundation models supporting a broad range of use cases, from text and image understanding to video-to-text analysis. With the Spring AI Bedrock Converse API integration, developers can seamlessly connect to these advanced Nova models a...

7.3AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2024/11/24 12:0 a.m.15 views

Bootiful Spring Boot 3.4: Spring AI

I love Spring AI. It’s an amazing project designed to bring the patterns and practices of AI engineering to the Spring Boot developer. It’s got clean idiomatic abstractions that’ll make any Sring developer feel right at home, and it has a ton of integrations with all manner of different vector...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/09/12 12:0 a.m.20 views

Kibana < 8.15.1 (ESA-2024-27)

The version of Kibana installed on the remote host is prior to 8.15.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-27 advisory. - A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a craft...

9.9CVSS9.4AI score0.01013EPSS
Exploits0References2
OSV
OSV
added 2024/09/11 7:14 a.m.16 views

BIT-KIBANA-2024-37288

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...

9.9CVSS9.4AI score0.01013EPSS
Exploits0References2
OSV
OSV
added 2024/09/11 7:10 a.m.13 views

BIT-ELK-2024-37288

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...

9.9CVSS9.4AI score0.01013EPSS
Exploits0References2
NVD
NVD
added 2024/09/09 9:15 a.m.33 views

CVE-2024-37288

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...

9.9CVSS0.01013EPSS
Exploits0References1
OSV
OSV
added 2024/09/09 9:15 a.m.14 views

CVE-2024-37288

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...

8.8CVSS7.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/09 8:29 a.m.15 views

CVE-2024-37288

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...

9.9CVSS7.6AI score0.01013EPSS
Exploits0References1
CVE
CVE
added 2024/09/09 8:29 a.m.100 views

CVE-2024-37288

CVE-2024-37288 affects Kibana via a YAML deserialization flaw that can lead to arbitrary code execution. Exploitation is possible without user interaction over network with low privileges, targeting environments using Elastic Security AI tools and an Amazon Bedrock connector; impact to confidenti...

9.9CVSS7.7AI score0.01013EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/09/09 8:29 a.m.39 views

CVE-2024-37288

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...

9.9CVSS0.01013EPSS
Exploits0References1
Wiz blog
Wiz blog
added 2024/04/16 3:0 p.m.25 views

Boosting efficiency with Wiz's AI-driven remediation steps powered by Amazon Bedrock

Wiz introduces AI-remediation steps powered by Amazon Bedrock to empower customers to remediate risks quickly...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/12/20 4:0 p.m.21 views

Expanded Coverage and AWS Compliance Pack Updates in InsightCloudSec Coming Out of AWS Re:Invent 2023

It seems like it was just yesterday that we were in Las Vegas for AWS Re:Invent, but it’s already been almost two weeks since the conference wrapped up. As is always the case, AWS unveiled a host of new services throughout the week, including advancements around serverless, artificial intelligenc...

7.6AI score
Exploits0
Rows per page
Query Builder