15 matches found
awslabs-core-mcp-server (>=1.0.8 <=1.0.27), awslabs-dynamodb-mcp-server (>=2.0.4 <=2.1.3) +1 more potentially affected by CVE-2026-4270 via awslabs-aws-api-mcp-server (>=1.0.2 <=1.3.36)
awslabs-aws-api-mcp-server PYPI version =1.0.2, =1.0.8, =2.0.4, =2.1.3 - dungngo-awslabs-core-mcp-server =1.0.9 Source cves: CVE-2026-4270 Source advisory: OSV:GHSA-2CPP-J2FC-QHP7...
CVE-2026-4270
CVE-2026-4270 affects AWS API MCP Server (versions >= 0.2.14 and
EUVD-2025-6075
Malicious code in bioql PyPI...
CVE-2025-27643
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006...
CVE-2025-27643
CVE-2025-27643 affects Vasion Print (formerly PrinterLogic) prior to Virtual Appliance Host 22.0.933 and Application 20.0.2368. Root cause: a hardcoded AWS API key (V-2024-006) exposed in the product. Impact: potential unauthorized access to AWS credentials, with CVSS 3.1 score of 9.8 (network, l...
PT-2025-9750 · Unknown · Vasion Print
Name of the Vulnerable Software and Affected Versions: Vasion Print formerly PrinterLogic versions prior to Virtual Appliance Host 22.0.933 Application 20.0.2368 Description: The issue concerns a hardcoded AWS API key. Recommendations: For versions prior to Virtual Appliance Host 22.0.933...
Command Shell, Bind SSM (via AWS API)
Creates an interactive shell using AWS SSM Module Options msf use payload/generic/shellbindawsssm msf payloadshellbindawsssm show actions ...actions... msf payloadshellbindawsssm set ACTION msf payloadshellbindawsssm show options ...show and set options... msf payloadshellbindawsssm run This modu...
Requests-Ip-Rotator - A Python Library To Utilize AWS API Gateway's Large IP Pool As A Proxy To Generate Pseudo-Infinite IPs For Web Scraping And Brute Forcing
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. This library will allow the user to bypass IP-based rate-limits for sites and services. X-Forwarded-For headers are automatically randomised and applied unles...
Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens
GitHub revealed details tied to last week’s incident where hackers, using stolen OAuth tokens, downloaded data from private repositories. “We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems because the tokens in question are not stored by GitHub in thei...
GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens
Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to unauthorizedly download private data from several organizations. "An attacker abused stolen OAuth user tokens issued to two third-party...
Courier: 2 Bypass of #1067533 rate limit via X-Forwarded-For<space>: Source IP on ( www.trycourier.app )
A vulnerability with AWS API Gateway was uncovered that allowed rate limiting to be bypassed when the X-Forwarded-For header was manipulated with a string added to the header key. I was able to bypass the rate limit by adding an extra space before the colon: X-Forwarded-For: 127.0.0.1. The actual bug was i...
FireProx - AWS API Gateway Management Tool For Creating On The Fly HTTP Pass-Through Proxies For Unique IP Rotation
Being able to hide or continually rotate the source IP address when making web calls can be difficult or expensive. A number of tools have existed for some time but they were either limited with the number of IP addresses, were expensive, or required deployment of lots of VPS's. FireProx leverage...
IPRotate - Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request
Extension for Burp Suite which uses AWS API Gateway to change your IP on every request. More info: https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/ Description This extension allows you to easily spin up API Gateways across multiple regions. All the Burp Suite traffic for the...
Information Disclosure
pact-js is vulnerable to information disclosure. Logs containing confidential information such as an AWS API Key are written into the log file in plain text as warnings when customProviderHeaders is used. This could potentially allow a local attacker to retrieve the information and perform furthe...
jjn8eyewr6.execute-api.us-east-1.amazonaws.com XSS vulnerability
Open Bug Bounty ID: OBB-714245

Description| Value
---|---
Affected Website:| jjn8eyewr6.execute-api.us-east-1.amazonaws.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| hidden until disclosure
Vulnerability Type:| XSS Cross Site Scripting ...