18 matches found
CVE-2026-42339
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular...
We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI...
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence AI code execution environments using domain name system DNS queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's...
EUVD-2024-36561
Malicious code in bioql PyPI...
Malicious code in @amazon-bedrock-agents-healthcare-lifesciences/docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecf7f917126f8a71d26227e7f55cdabe99eed6831cb23345e4045192f6a36446 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-46999 Malicious code in @amazon-bedrock-agents-healthcare-lifesciences/docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecf7f917126f8a71d26227e7f55cdabe99eed6831cb23345e4045192f6a36446 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Introducing Spring AI Amazon Bedrock Nova Integration via Converse API
The Amazon Bedrock Nova models represent a new generation of foundation models supporting a broad range of use cases, from text and image understanding to video-to-text analysis. With the Spring AI Bedrock Converse API integration, developers can seamlessly connect to these advanced Nova models a...
Bootiful Spring Boot 3.4: Spring AI
I love Spring AI. It’s an amazing project designed to bring the patterns and practices of AI engineering to the Spring Boot developer. It’s got clean idiomatic abstractions that’ll make any Sring developer feel right at home, and it has a ton of integrations with all manner of different vector...
Kibana < 8.15.1 (ESA-2024-27)
The version of Kibana installed on the remote host is prior to 8.15.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-27 advisory. - A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a craft...
BIT-KIBANA-2024-37288
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...
BIT-ELK-2024-37288
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...
CVE-2024-37288
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...
CVE-2024-37288
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...
CVE-2024-37288
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...
CVE-2024-37288
CVE-2024-37288 affects Kibana via a YAML deserialization flaw that can lead to arbitrary code execution. Exploitation is possible without user interaction over network with low privileges, targeting environments using Elastic Security AI tools and an Amazon Bedrock connector; impact to confidenti...
CVE-2024-37288
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...
Boosting efficiency with Wiz's AI-driven remediation steps powered by Amazon Bedrock
Wiz introduces AI-remediation steps powered by Amazon Bedrock to empower customers to remediate risks quickly...
Expanded Coverage and AWS Compliance Pack Updates in InsightCloudSec Coming Out of AWS Re:Invent 2023
It seems like it was just yesterday that we were in Las Vegas for AWS Re:Invent, but it’s already been almost two weeks since the conference wrapped up. As is always the case, AWS unveiled a host of new services throughout the week, including advancements around serverless, artificial intelligenc...