31 Total CVEs
22 AI Analyzed
0 CISA KEV
16 Critical
CVE-2026-6912
Analyzed
8.8
AWS Ops Wheel

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165...

2026-04-25
CVE-2026-6911
Analyzed
9.8
AWS Ops Wheel

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to...

2026-04-25
CVE-2026-5946
Analyzed
7.5
AWS have been

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `H...

2026-05-22
CVE-2026-5059
Analyzed
9.8
AWS CLI Command

The aws-mcp-server is vulnerable to remote code execution via AWS CLI command injection, allowing attackers to execute arbitrary system commands witho...

2026-04-11
CVE-2026-5058
Analyzed
9.8
AWS aws-mcp-server

The aws-mcp-server is vulnerable to remote code execution via command injection due to improper validation of user-supplied input in the allowed comma...

2026-04-11
CVE-2026-44738
7.7
AWS keys

Grav is a file-based Web platform

2026-05-12
CVE-2026-4428
7.4
AWS Multiple Products

A logic error in CRL distribution point validation in AWS-LC before 1

2026-03-20
CVE-2026-44225
Analyzed
9.3
AWS Multiple Products

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every p...

2026-05-13
CVE-2026-43929
8.2
AWS Multiple Products

ssrfcheck is a library that checks if a string contains a potential SSRF attack

2026-05-13
CVE-2026-42882
Analyzed
9.4
AWS s3 proxy

The oxyno-zeta s3-proxy contains an authentication bypass vulnerability due to inconsistent path interpretation, allowing unauthorized S3 operations.

2026-05-12
CVE-2026-42864
Analyzed
9.9
AWS credentials attached

FireFighter incident management application contains an unauthenticated SSRF vulnerability that can lead to the theft of AWS IAM credentials.

2026-05-12
CVE-2026-42193
Analyzed
9.1
AWS SES

The Plunk email platform fails to verify SNS signatures, allowing unauthenticated attackers to forge webhook requests.

2026-05-09
CVE-2026-41272
7.1
AWS allow attackers

Flowise is a drag & drop user interface to build a customized large language model flow

2026-04-24
CVE-2026-40576
Analyzed
9.4
AWS excel-mcp-server

A path traversal vulnerability in excel-mcp-server allows unauthenticated remote attackers to read, write, and overwrite arbitrary files on the host f...

2026-04-22
CVE-2026-40175
Analyzed
10
AWS IMDSv2 bypass

Axios is vulnerable to a prototype pollution attack chain that can be escalated to remote code execution or AWS IMDSv2 bypass.

2026-04-11
CVE-2026-39361
7.7
AWS IMDSv1

OpenObserve is a cloud-native observability platform

2026-04-09
CVE-2026-35022
Analyzed
9.8
AWS Claude Code CLI and Claude Agent SDK

Anthropic Claude CLI and SDK are vulnerable to OS command injection via unvalidated authentication helper configuration parameters, allowing arbitrary...

2026-04-07
CVE-2026-34975
8.5
AWS SES

Plunk is an open-source email platform built on top of AWS SES

2026-04-07
CVE-2026-3338
7.5
AWS services do

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 object...

2026-03-03
CVE-2026-3336
7.5
AWS services do

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PK...

2026-03-03
CVE-2026-33340
Analyzed
9.1
AWS lollms-webui

A critical Server-Side Request Forgery (SSRF) in lollms-webui allows unauthenticated attackers to force arbitrary GET requests, potentially exfiltrati...

2026-03-25
CVE-2026-32096
Analyzed
9.3
AWS SES

Plunk contains an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in its SNS webhook handler, allowing attackers to make arbitrary ou...

2026-03-12
CVE-2026-31943
Analyzed
8.5
AWS LibreChat

LibreChat is a ChatGPT clone with additional features

2026-03-28
CVE-2026-27702
Analyzed
9.9
AWS keys

Budibase Cloud suffers from an unsafe eval() vulnerability in its view filtering, allowing authenticated users to execute arbitrary JavaScript and acc...

2026-02-26
CVE-2026-27700
Analyzed
8.2
AWS Lambda adapter

Hono is a Web application framework that provides support for any JavaScript runtime

2026-02-26
CVE-2026-25991
Analyzed
7.7
AWS Tandoor Recipes

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists

2026-02-14
CVE-2026-24467
Analyzed
9
AWS Multiple Products

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in ver...

2026-04-21
CVE-2026-13763
Analyzed
9.8
AWS Application Load Balancer

AWS Application Load Balancers with AWS WAF enabled may inconsistently inspect HTTP/2 request bodies, potentially allowing attackers to bypass WAF sec...

2026-06-30
CVE-2026-12958
Analyzed
7.8
AWS Language Servers for AWS

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary

2026-06-24
CVE-2025-4960
7.8
AWS in its

The com

2026-02-20
CVE-2020-37153
Analyzed
9.8
AWS to inject

ASTPP 4.0.1 is vulnerable to XSS and command injection in SIP and plugin management interfaces, allowing attackers to hijack sessions and execute code...

2026-02-12