
59 matches found

RedhatCVE
added 2026/01/07 9:17 a.m., 4 views

CVE-2025-1969

Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process...

CVSS 5.3 | AI score 7 | EPSS 0.00295
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-2220

Malware in sbrugna...

CVSS 9 | AI score 7 | EPSS 0.0039
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-1705

Malware in sbrugna...

CVSS 8.2 | AI score 7.8 | EPSS 0.02214
Exploits: 0 | References: 8
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-19636

Malicious code in bioql PyPI...

CVSS 5.7 | AI score 6.6 | EPSS 0.00066
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-6388

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.3 | EPSS 0.00313
Exploits: 0 | References: 8
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-7453

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.6 | EPSS 0.00295
Exploits: 0 | References: 2
Vulnrichment
added 2025/07/01 2:49 p.m., 3 views

CVE-2025-34062 OneLogin AD Connector API Credential and Signing Key Exposure

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...

CVSS 5.7 | AI score 5.9 | EPSS 0.00066
Exploits: 0 | References: 3
The Hacker News
added 2025/05/20 12:42 p.m., 39 views

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. "These roles, often...

AI score 7.9
Exploits: 0
Veracode
added 2025/04/03 3:13 a.m., 9 views

Overly Permissive Authorization

aws-cdk-lib is vulnerable to Overly Permissive Authorization. The vulnerability is due to the CDK Construct Library automatically generating an overly permissive AWS IAM trust policy, which allows any user with unrestricted sts:AssumeRole permissions to assume the role...

AI score 7
Exploits: 0
NVD
added 2025/03/04 7:15 p.m., 4 views

CVE-2025-1969

Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process...

CVSS 5.3 | EPSS 0.00295
Exploits: 0 | References: 3
Vulnrichment
added 2025/03/04 6:49 p.m., 5 views

CVE-2025-1969 Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center

Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process...

CVSS 5.3 | AI score 6.4 | EPSS 0.00295
Exploits: 0 | References: 3
CVE
added 2025/03/04 6:49 p.m., 65 views

CVE-2025-1969

CVE-2025-1969 involves AWS IAM Identity Center’s Temporary Elevated Access Management (TEAM). The issue is improper input validation that lets a user modify a valid request and spoof an approval in TEAM. Affected component: TEAM (Temporary Elevated Access Management) within AWS IAM Identity Cente...

CVSS 5.3 | AI score 4.6 | EPSS 0.00295
Exploits: 0 | References: 3
Cvelist
added 2025/03/04 6:49 p.m., 11 views

CVE-2025-1969 Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center

Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process...

CVSS 5.3 | EPSS 0.00295
Exploits: 0 | References: 3
Rhino Security Labs
added 2025/02/11 3:3 p.m., 6 views

CVE-2025-0693: AWS IAM User Enumeration

The post CVE-2025-0693: AWS IAM User Enumeration appeared first on Rhino Security Labs...

CVSS 6.9 | AI score 7.1 | EPSS 0.00149
Exploits: 0
RedhatCVE
added 2025/02/05 3:30 a.m., 3 views

CVE-2024-45290

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided...

CVSS 7.7 | AI score 6.5 | EPSS 0.00305
Exploits: 1 | References: 1
Tenable Nessus
added 2024/12/17 12:0 a.m., 14 views

SUSE SLES15 / openSUSE 15 Security Update : aws-iam-authenticator (SUSE-SU-2024:4329-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:4329-1 advisory. - CVE-2022-1996: Fixed CORS bypass bsc1200528. Tenable has extracted the preceding description block directly from the SUSE...

CVSS 9.3 | AI score 8.3 | EPSS 0.00963
Exploits: 1 | References: 4
SUSE Linux
added 2024/12/16 1:16 p.m., 2 views

Security update for aws-iam-authenticator

This update for aws-iam-authenticator fixes the following issues: CVE-2022-1996: Fixed CORS bypass bsc1200528. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...

CVSS 9.1 | AI score 10 | EPSS 0.00963
Exploits: 1 | References: 4
OSV
added 2024/12/16 1:16 p.m., 17 views

SUSE-SU-2024:4329-1 Security update for aws-iam-authenticator

This update for aws-iam-authenticator fixes the following issues: - CVE-2022-1996: Fixed CORS bypass bsc1200528...

CVSS 9.3 | AI score 10 | EPSS 0.00963
Exploits: 1 | References: 3
Veeam
added 2024/06/06 12:0 a.m., 14 views

How to Configure EKS Clusters to Use AWS IAM Users/Roles for Veeam Kasten for Kubernetes Access

Purpose Follow this guide to provide appropriate Veeam Kasten for Kubernetes role-based access using AWS IAM users or roles. Solution Description Veeam Kasten for Kubernetes integrates with whatever authentication mechanism customers use to access their Kubernetes clusters. Since EKS natively...

AI score 7
Exploits: 0
OSV
added 2024/03/06 11:11 a.m., 16 views

BIT-VAULT-2020-16250

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1...

CVSS 8.2 | AI score 8.1 | EPSS 0.02214
Exploits: 0 | References: 4