CVE-2021-22998

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation SNAT listeners. Note: Software versions which...

CVE-2021-22988

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed page...

CVE-2022-31128

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via th...

MAL-2026-181 Malicious code in smintio-portals-component-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ac8dad03743200fb36bb249f7d2292a267daaffb767a56e0c0e6634dc71afe The package smintio-portals-component-sdk was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-1417

JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3...

GHSA-J965-2QGJ-VJMQ JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. Per the AWS shared responsibilit...

Improper Validation of Syntactic Correctness of Input

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the region input field. An attacker can cause AWS API calls to be routed to unintended or non-existent hosts by supplying an invalid...

EUVD-2026-1418

AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value...

GHSA-6475-R3VJ-M8VF AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

pipesns (=0.1.5) potentially affected by unknown CVE via aws-sdk-sns (=0.4.1)

aws-sdk-sns CARGO version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on aws-sdk-sns and may be impacted: - pipesns =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

Moderate Photon OS Security Update - PHSA-2026-4.0-0942

Updates of 'aws-sdk-cpp', 'rubygem-aws-sdk-s3' packages of Photon OS have been released...

Analyzing Code Injection Attacks on LLM-Based Multi-Agent Systems in Software Development

Agentic AI and Multi-Agent Systems are poised to dominate industry and society imminently. Powered by goal-driven autonomy, they represent a powerful form of generative AI, marking a transition from reactive content generation into proactive multitasking capabilities. As an exemplar, we propose a...

CVE-2025-14762

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...

CVE-2025-14761

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

EUVD-2025-203984

Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

CVE-2025-14760

CVE-2025-14760 affects the AWS SDK for C++ and is reported in multiple sources including Red Hat and VMware Photon advisories. The issue is described as missing cryptographic key commitment that could allow a user with write access to an S3 bucket to insert a new envelope data key (EDK) that decr...

PT-2025-51881

Name of the Vulnerable Software and Affected Versions AWS SDK for C++ versions prior to 1.11.712 Description A missing cryptographic key commitment in the AWS SDK for C++ could allow a user with write access to an S3 bucket to introduce a new encryption data key EDK that decrypts to different...

Amazon AWS SDK for PHP 安全漏洞

Amazon AWS SDK for PHP is a software development kit for Amazon Web Services based on the PHP platform from Amazon.com, USA. A security vulnerability exists in Amazon AWS SDK for PHP that stems from a lack of cryptographic key commitment, which could cause a user with write access to the S3 stora...

PT-2025-51882

Name of the Vulnerable Software and Affected Versions AWS SDK for PHP versions prior to 3.368.0 Description A missing cryptographic key commitment in the AWS SDK for PHP could allow a user with write access to an S3 bucket to introduce a new Encryption Data Key EDK that decrypts to different...