We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI...

EUVD-2020-5746

Malware in sbrugna...

EUVD-2020-8070

Malware in sbrugna...

EUVD-2020-5747

Malware in sbrugna...

EUVD-2022-26839

Malicious code in bioql PyPI...

EUVD-2022-26836

Malicious code in bioql PyPI...

EUVD-2022-26838

Malicious code in bioql PyPI...

EUVD-2022-26837

Malicious code in bioql PyPI...

ROS-20250630-02

The vulnerability of HashiCorp Vault and Vault Enterprise enterprise data archiving platforms is related to the fact that the validprincipals and defaultuser fields of the SSH secrets mechanism configuration are not are not set. Exploitation of the vulnerability could allow an attacker acting...

CVE-2025-20242

A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise CCE could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this...

Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks

Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence GenAI...

CVE-2022-21613

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware component: Dashboard. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2022-21615

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware component: Dashboard. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2022-21612

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware component: Dashboard. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2022-21614

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware component: Dashboard. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2020-13500

SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to unauthenticated SQL...

CVE-2020-13499

An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticate...

CVE-2020-13501

An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable to unauthenticate...

Enterprise Data Ingestion with Low Latency: Akamai's Proven Solutions for Financial Institutions

...

PYSEC-2024-74

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contai...