Lucene search
+L

4 matches found

CVE
CVE
added 2026/07/01 7:34 p.m.61 views

CVE-2026-14265

The CVE affects AWS Advanced JDBC Wrapper (AWR) RemoteQueryCachePlugin versions 3.3.0–4.0.0. Deserialization of untrusted data via ObjectInputStream without class filtering when reading cached query results from Redis or Valkey enables gadget-chain execution, allowing arbitrary code execution on ...

8.8CVSS6.3AI score0.00416EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2026/06/09 7:49 a.m.14 views

Privilege Escalation

AWS Advanced JDBC Wrapper is vulnerable to Privilege Escalation. The vulnerability is due to an untrusted search path issue in the GlobalDatabasePlugin, where a low-privileged authenticated user can create a crafted function that is executed when another user connects through the affected wrapper...

8.6CVSS5.5AI score0.00305EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/05 7:7 p.m.9 views

CVE-2026-11400 Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

8.6CVSS5.5AI score0.00305EPSS
Exploits0References3
CVE
CVE
added 2026/06/05 7:7 p.m.124 views

CVE-2026-11400

CVE-2026-11400 describes an untrusted search path vulnerability in the GlobalDatabasePlugin of the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL. A remote authenticated low-privilege actor can escalate privileges to another Amazon RDS user, including rds_superuser, by creating a crafted ...

8.6CVSS5.5AI score0.00305EPSS
Exploits0References3
Rows per page
Query Builder