Skip to main content
CVE-2026-3111 MEDIUM PATCH This Month

An Insecure Direct Object Reference (IDOR) vulnerability exists in Campus Educativa at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' that allows unauthenticated attackers to enumerate and download profile photographs of all users by manipulating URL parameters. Successful exploitation enables mass collection of user photos for identity impersonation, social engineering, facial recognition-based identity linking across platforms, and doxxing attacks. With a CVSS score of 6.9 and no authentication required, this vulnerability poses a moderate-to-significant risk to user privacy and security.

Authentication Bypass Campus
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-69243 MEDIUM PATCH This Month

Raytha CMS contains a user enumeration vulnerability in its password reset functionality where differing error messages reveal whether a login exists in the system, enabling attackers to build valid user lists for targeted brute force attacks. This vulnerability affects Raytha CMS versions prior to 1.5.0. The moderate CVSS score of 6.9 reflects the information disclosure risk, though real-world impact depends on how attackers chain this enumeration with other attacks.

Information Disclosure Raytha
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-69246 MEDIUM PATCH This Month

Raytha CMS lacks brute force protection mechanisms, allowing attackers to conduct unlimited automated login attempts without triggering account lockout, rate limiting, or multi-factor authentication challenges. Versions prior to 1.4.6 are affected, and an attacker can systematically enumerate valid usernames and crack passwords through high-volume credential stuffing attacks. The vulnerability represents a significant authentication bypass risk that could lead to unauthorized administrative access depending on password strength and user enumeration feasibility.

Information Disclosure Raytha
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-21004 MEDIUM This Month

Smart Switch versions prior to 3.7.69.15 contain an improper authentication vulnerability that allows adjacent network attackers to trigger denial of service conditions without requiring user privileges or interaction. The vulnerability has a CVSS score of 6.9 with medium-to-high availability impact, making it a notable threat in local network environments where Smart Switch is deployed.

Denial Of Service Authentication Bypass Smart Switch
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-69238 MEDIUM PATCH This Month

Raytha CMS contains a Cross-Site Request Forgery (CSRF) vulnerability across multiple endpoints that fails to enforce token verification on POST requests. An authenticated user can be tricked into visiting a malicious website crafted by an attacker, which automatically submits unauthorized requests (such as data deletion) to the Raytha CMS application without requiring explicit user confirmation. This vulnerability affects Raytha CMS versions prior to 1.4.6 and has a CVSS score of 6.9 with medium real-world exploitability.

CSRF Raytha
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-32265 MEDIUM PATCH This Month

The BucketsController endpoint in this plugin suffers from an information disclosure vulnerability where unauthenticated attackers possessing a valid CSRF token can enumerate the list of accessible buckets. This exposure allows reconnaissance of cloud storage resources available to the plugin without requiring authentication. Update to version 2.2.5 to resolve this issue.

CSRF Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-29516 MEDIUM This Month

CVE-2026-29516 is a security vulnerability (CVSS 4.9) that allows authenticated attackers. Remediation should follow standard vulnerability management procedures.

PHP Information Disclosure
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-32750 MEDIUM PATCH This Month

SiYuan Note contains an unrestricted path traversal vulnerability in the POST /api/import/importStdMd endpoint that allows authenticated administrators to recursively import arbitrary files from the host filesystem into the workspace database without any validation or blocklisting. Affected versions of SiYuan (pkg:go/github.com_siyuan-note_siyuan) allow admin users to permanently store sensitive files such as /proc/, /etc/, /run/secrets/, and other system directories as searchable note content, making them accessible to other workspace users including those with limited privileges. A proof-of-concept has been published demonstrating import of /proc/1/ and /run/secrets/, and when chained with separate SQL injection vulnerabilities in the renderSprig template function, non-admin users can retrieve imported secrets without additional privileges.

Path Traversal SQLi Docker Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-32747 MEDIUM PATCH This Month

Administrative users of Docker and PostgreSQL deployments can exploit an incomplete path validation in the `POST /api/file/globalCopyFiles` endpoint to copy sensitive files like container environment variables and Docker secrets from restricted locations (`/proc/`, `/run/secrets/`) into the workspace, where they become readable via standard file APIs. The vulnerability stems from reliance on a blocklist-based validation mechanism that fails to prevent access to these critical system paths. Since no patch is currently available, organizations should restrict administrative access to the affected API endpoint until an update is released.

Docker PostgreSQL Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-32812 MEDIUM PATCH This Month

An unauthenticated Server-Side Request Forgery (SSRF) and Local File Read vulnerability exists in the Admidio SSO metadata fetch endpoint, which accepts arbitrary URLs via GET parameter and passes them directly to file_get_contents() after validating only with PHP's FILTER_VALIDATE_URL-a format checker that does not block dangerous URI schemes. An authenticated administrator can exploit this to read arbitrary local files (including database credentials from config.php), probe internal network services, or fetch cloud instance metadata (such as AWS IAM credentials from 169.254.169.254). A proof-of-concept demonstrating all attack vectors has been published; CVSS 6.8 reflects high confidentiality impact but is mitigated by the requirement for administrator privileges.

CSRF Elastic PHP Microsoft SSRF +1
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-4270 MEDIUM PATCH This Month

AWS API MCP Server versions 0.2.14 through 1.3.9 contain an improper path protection flaw in the no-access and workdir features that allows local attackers to bypass file access restrictions and read arbitrary files accessible to the MCP client application. An attacker with local access and user interaction can exploit this vulnerability to expose sensitive local file contents. Users should upgrade to version 1.3.9 or later to remediate this issue.

Authentication Bypass Aws Api Mcp Server
NVD GitHub VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-2462 MEDIUM This Month

This vulnerability in Mattermost allows unauthenticated attackers to achieve remote code execution and exfiltrate sensitive credentials through malicious plugin installation on CI test instances that retain default admin credentials. Affected versions include Mattermost 10.11.x through 10.11.10, 11.2.x through 11.2.2, and 11.3.0, with the core issue stemming from insufficient access controls on plugin installation combined with default credential exposure. An attacker can upload a malicious plugin after modifying the import directory to gain full system compromise and access AWS and SMTP credentials stored in configuration files.

RCE Authentication Bypass Mattermost
NVD VulDB
CVSS 3.1
6.6
EPSS
0.1%
CVE-2026-3021 MEDIUM PATCH This Month

A non-relational SQL injection (NoSQLi) vulnerability exists in the Wakyma web application at the endpoint 'vets.wakyma.com/centro/equipo/empleado' that allows authenticated users to inject NoSQL commands and enumerate sensitive employee data. The vulnerability has a CVSS 4.0 score of 7.1 (High) with network attack vector requiring low privileges. No proof-of-concept code, EPSS data, or KEV listing information is currently available for this vulnerability.

SQLi Nosql Injection Wakyma Application Web
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32758 MEDIUM PATCH This Month

Path traversal in the resourcePatchHandler allows authenticated users with Create or Rename permissions to bypass access control rules by injecting path traversal sequences (`..\`) into PATCH requests, since validation occurs before path normalization. An attacker can exploit this to copy or rename files to restricted directories that should be protected by administrator-configured deny rules. No patch is currently available.

Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68971 MEDIUM This Month

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release).

Denial Of Service
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12736 MEDIUM This Month

OpenHarmony versions 5.0.3 and earlier contain an information disclosure vulnerability caused by use of uninitialized resources, allowing local attackers to leak sensitive case-sensitive data. The vulnerability affects OpenHarmony deployments across all product lines up to v5.0.3.x (per EUVD-2025-208673). An attacker with local access and standard user privileges can read uninitialized memory regions to obtain confidential information without requiring user interaction, though there is no indication of active exploitation in public KEV databases at this time.

Information Disclosure Openharmony
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-25277 MEDIUM This Month

This vulnerability allows arbitrary code execution in OpenHarmony pre-installed applications through improper handling of incompatible types, enabling local attackers to escalate privileges and execute arbitrary code within the context of trusted system applications. Affected versions include OpenHarmony v5.0.3 through v5.1.0.x, impacting the core application framework across the OpenHarmony ecosystem. While the CVSS score of 6.3 reflects moderate severity, the vulnerability requires local access and high attack complexity, limiting real-world exploitability to restricted scenarios as noted by the vendor.

RCE Memory Corruption Openharmony
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-4228 LOW POC Monitor

Command injection in LB-LINK BL-WR9000 2.4.9 via the /goform/set_wifi endpoint allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code is available for this vulnerability, and no patch has been released by the vendor despite early disclosure notification.

Command Injection Bl Wr9000
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-4210 LOW POC Monitor

Command injection in D-Link NAS devices (DNS-320, DNS-327L, DNS-345 and others) through the time_machine.cgi script allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.5%
CVE-2026-4204 LOW POC Monitor

A security vulnerability in A flaw (CVSS 6.3). Risk factors: public PoC available.

Command Injection D-Link
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.5%
CVE-2026-4206 LOW POC Monitor

A security vulnerability in A vulnerability (CVSS 6.3). Risk factors: public PoC available.

D-Link Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-4205 LOW POC Monitor

A security vulnerability in A vulnerability (CVSS 6.3). Risk factors: public PoC available.

Command Injection D-Link
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-4207 LOW POC Monitor

Command injection in D-Link NAS devices (DNS-320, DNS-325, DNS-343, DNR-322L and others) through the /cgi-bin/system_mgr.cgi interface allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-4209 LOW POC Monitor

Command injection in D-Link NAS devices (DNS-120, DNS-325, DNR-322L, DNS-327L and others) allows authenticated remote attackers to execute arbitrary commands through multiple user and group management CGI functions. Public exploit code exists for this vulnerability, and patches are not currently available. An attacker with valid credentials could leverage this to compromise the NAS system and potentially access or manipulate stored data.

D-Link Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-4203 LOW POC Monitor

Command injection in D-Link DNS and DNR network attached storage devices allows authenticated remote attackers to execute arbitrary commands through multiple CGI functions in the network management interface. The vulnerability affects numerous models up to firmware version 20260205, and public exploit code is available. An attacker with valid credentials can leverage this to compromise device integrity and potentially access the network.

Command Injection D-Link
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-4253 LOW POC Monitor

OS command injection in Tenda AC8 16.03.50.11 web interface allows authenticated remote attackers to execute arbitrary commands through the wans.policy.list1 parameter in the /cgi-bin/UploadCfg endpoint. Public exploit code exists for this vulnerability and no patch is currently available.

Tenda Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.6%
CVE-2026-28499 MEDIUM PATCH This Month

LeafKit's HTML escaping mechanism fails to properly sanitize arrays and dictionaries when rendered via templates, enabling cross-site scripting (XSS) attacks where untrusted data is output unescaped. Applications using LeafKit templates to display user-controlled collections are vulnerable to arbitrary JavaScript execution in user browsers. A patch is available to address this vulnerability.

XSS
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-4233 LOW POC Monitor

Path traversal in ThingsGateway 12's /api/file/download endpoint allows authenticated users to read arbitrary files through manipulation of the fileName parameter. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Path Traversal Thingsgateway
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4215 LOW POC Monitor

Server-side request forgery in FlowCI flow-core-x up to version 1.23.01 allows authenticated remote attackers to conduct SSRF attacks through the SMTP Host Handler configuration function. Public exploit code exists for this vulnerability and the vendor has not released a patch. An attacker with valid credentials can manipulate the system to make arbitrary outbound requests from the affected server.

Java SSRF
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-57543 MEDIUM This Month

Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" field on object forms.

XSS
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-4234 LOW POC Monitor

SQL injection in SSCMS 7.4.0 via the tableHandWrite parameter in SitesAddController.Submit.cs allows authenticated remote attackers to execute arbitrary SQL commands. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

SQLi Sscms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4230 LOW POC Monitor

SQL injection in Vanna up to version 2.0.2 allows authenticated remote attackers to execute arbitrary SQL queries through the update_sql endpoint function. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An authenticated attacker can leverage this to read, modify, or delete database contents depending on the application's database permissions.

Python SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-30882 MEDIUM This Month

Chamilo LMS versions 1.11.34 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability in the session category listing page where the keyword parameter is echoed directly into an HTML href attribute without encoding or sanitization. An attacker can inject arbitrary JavaScript by breaking out of the attribute context using a ">" payload, enabling session hijacking, credential theft, or malware distribution to any user who clicks a malicious link. The vulnerability is triggered when pagination controls render for datasets exceeding 20 items, and a patch is available in version 1.11.36.

XSS Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-3644 MEDIUM PATCH This Month

CVE-2026-3644 is a security vulnerability (CVSS 6.0). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Python
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-4222 LOW POC Monitor

A path traversal vulnerability exists in SSCMS versions up to 7.4.0 within the PathUtils.RemoveParentPath function of the plugin download API endpoint (/api/admin/plugins/install/actions/download). An authenticated administrator with high privileges can manipulate the path argument to traverse the file system and access or modify files outside the intended directory, potentially leading to information disclosure or system compromise. The vulnerability has public proof-of-concept code available, though the CVSS score of 3.8 is relatively low due to the requirement for authenticated administrative access, making this a lower-priority but still exploitable issue in environments where admin credentials may be compromised.

Path Traversal Sscms
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-4239 LOW POC Monitor

A vulnerability was found in Lagom WHMCS Template up to 2.3.7.

Information Disclosure Prototype Pollution
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4238 LOW POC Monitor

SQL injection in itsourcecode College Management System 1.0 via the course_code parameter in /admin/courses.php allows authenticated administrators to execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but could enable data exfiltration or manipulation.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4224 MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 6.0). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Python
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-15554 MEDIUM PATCH This Month

LAPSWebUI before version 2.4 by Truesec improperly caches LAPS (Local Administrator Password Solution) passwords in browser storage, allowing a local attacker with user-level access to retrieve plaintext or weakly protected admin credentials from the browser cache. An attacker who gains access to a workstation where an administrator has used LAPSWebUI can escalate privileges to local administrator by exploiting this caching behavior. While the CVSS score is moderate at 6.0, the practical impact is high because successful exploitation directly enables privilege escalation to administrative access.

Privilege Escalation Lapswebui
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-15553 MEDIUM PATCH This Month

LAPSWebUI before version 2.4 contains a non-functional logout mechanism that allows an authenticated local attacker to obtain elevated privileges through disclosure of cached local administrator passwords. An attacker with existing workstation access and low privileges can exploit this flaw to escalate to local admin by recovering credentials that should have been cleared upon session termination. The vulnerability carries a CVSS v4.0 score of 6.0 (Medium) with local attack vector and requires prior login plus user interaction, though the confidentiality impact on sensitive credentials is marked as high.

Privilege Escalation Lapswebui
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-15552 MEDIUM This Month

Insufficient Session Expiration in Truesec's LAPSWebUI before version 2.4 allows local attackers with user-level privileges to obtain local administrator passwords through inadequate session management controls. An attacker with physical or logical access to a workstation can exploit this vulnerability to escalate privileges and disclose sensitive credentials, potentially compromising domain administration. This vulnerability represents a practical privilege escalation risk in environments relying on LAPS (Local Administrator Password Solution) for credential management.

Privilege Escalation Lapswebui
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-4199 LOW POC PATCH Monitor

Command injection in bazinga012 mcp_code_executor up to version 0.3.0 allows local attackers with user-level privileges to execute arbitrary commands through the installDependencies function in src/index.ts. Public exploit code exists for this vulnerability, affecting Python and Node.js environments. A patch is available and should be applied to remediate this local privilege escalation risk.

Command Injection Mcp Code Executor
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.2%
CVE-2026-4225 LOW POC Monitor

A cross-site scripting (XSS) vulnerability exists in CMS Made Simple versions up to 2.2.21 affecting the User Management Module's admin/listusers.php file. An attacker with high-level privileges can inject malicious JavaScript through the Message parameter to compromise other users' sessions or steal sensitive data. Public exploit code is available and the vulnerability has been actively exploited, making this a tangible threat despite its low CVSS score of 2.4.

PHP XSS
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-32632 MEDIUM PATCH This Month

The Glances system monitoring application accepts arbitrary HTTP Host headers on its REST API and WebUI endpoints, enabling DNS rebinding attacks that bypass browser same-origin policy and expose sensitive system data. While the MCP endpoint was recently hardened with host validation, the main FastAPI application for REST/WebUI/token routes lacks equivalent TrustedHostMiddleware protection, allowing attackers to rebind attacker-controlled domains to the victim's local Glances instance and read API responses as same-origin content. A proof-of-concept is code-validated through source inspection, and a patch is available in version 4.5.2 and later.

Python RCE Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-21001 MEDIUM This Month

Galaxy Store versions prior to 4.6.03.8 contain a path traversal vulnerability that enables local attackers to create files with Galaxy Store privileges. This could allow an attacker with local access to escalate their capabilities by writing malicious files in unintended locations. No patch is currently available for this issue.

Path Traversal Galaxy Store
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-4216 LOW POC Monitor

Hard-coded credentials exist in the i-SENS SmartLog Android application (versions up to 2.6.8) within a developer mode function used for Bluetooth pairing configuration between blood glucose meters and the mobile app. An attacker with local access and low privileges can exploit this to obtain credentials, potentially compromising the integrity and confidentiality of health data. A public proof-of-concept is available, though the CVSS 5.3 score and local-only attack vector limit immediate widespread exploitation risk.

Google Authentication Bypass
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-21002 MEDIUM This Month

Galaxy Store prior to version 4.6.03.8 contains an improper cryptographic signature verification vulnerability that allows a local attacker to install arbitrary applications without proper authorization. An attacker with physical or local access to a device can bypass the signature validation mechanism, enabling installation of malicious or unauthorized apps. While the CVSS score of 5.9 is moderate, the integrity impact is high, making this a meaningful threat to device security and app ecosystem integrity.

Information Disclosure Jwt Attack
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-4219 LOW POC Monitor

A hard-coded credentials vulnerability exists in the INDEX Conferences & Exhibitions Organization YWF BPOF APGCS Android application (versions up to 1.0.2) where attackers can manipulate ACCESS_KEY and HASH_KEY arguments in the BuildConfig.java component to extract embedded credentials. The vulnerability requires local execution on the device and grants only confidentiality impact (CWE-798: Use of Hard-Coded Credentials), but the existence of a published exploit and vendor non-responsiveness elevate practical risk despite the low CVSS score of 3.3.

Google Authentication Bypass Java
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2454 MEDIUM This Month

Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier contain an array length handling vulnerability in the calls plugin that allows unauthenticated remote attackers to trigger out-of-memory (OOM) errors and crash the server by sending maliciously crafted msgpack frames over websocket connections. With a CVSS score of 5.8 and network-based attack vector requiring no privileges or user interaction, this denial-of-service vulnerability poses a moderate but easily exploitable availability risk to any exposed Mattermost deployment.

Denial Of Service Mattermost
NVD VulDB
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-4269 MEDIUM PATCH This Month

Remote code execution in Bedrock AgentCore Starter Toolkit versions before v0.1.13 allows unauthenticated attackers to inject malicious code during the build process by exploiting missing S3 ownership verification, affecting only users who built the toolkit after September 24, 2025. An attacker can achieve arbitrary code execution within the AgentCore Runtime environment. Users must upgrade to version v0.1.13 to remediate this vulnerability, as no patch is currently available for earlier versions.

RCE Bedrock Agentcore Starter Toolkit
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.0%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy