Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/06/08 6:38 p.m.9 views

CVE-2026-11393 Code injection via improper triple-quote escaping in AgentCore CLI Bedrock Agent import

Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of anothe...

9CVSS6.3AI score0.0034EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:38 p.m.8 views

CVE-2026-11393

Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of anothe...

9CVSS6.3AI score0.0034EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/03/11 12:33 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the evaluation endpoints, including /ofrep/v1/evaluate/flags/flagKey, /ofrep/v1/evaluate/flags, and various gRPC methods. An attacker can cause memory exhaustion and process...

8.7CVSS5.8AI score0.0042EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/05 9:13 p.m.7 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the handling of LFS object uploads. An attacker can overwrite existing LFS objects across different repositories by uploading objects with the same identifier, potentially leading to...

9.3CVSS5.8AI score0.00327EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/05 9:13 p.m.4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the handling of LFS object uploads. An attacker can overwrite existing LFS objects across different repositories by uploading objects with the same identifier, potentially leading to...

9.3CVSS5.8AI score0.00327EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/12/05 12:0 a.m.5 views

PT-2024-35954 · Rpgp · Rpgp

Name of the Vulnerable Software and Affected Versions: rPGP versions prior to 0.14.1 Description: The issue allows attackers to trigger resource exhaustion vulnerabilities in rPGP by providing crafted messages, affecting general message parsing and decryption with symmetric keys. This can cause...

8.7CVSS6.9AI score0.00448EPSS
Exploits0References10
Rows per page
Query Builder