amazon

196 tracked vulnerabilities.

CVE-2026-8178 HIGH
Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver
May 08, 2026
CVSS 8.1
EPSS 0.00

CVE-2026-7791 HIGH
Amazon Workspaces < 2.6.2034.0 - Authenticated Local Privilege Escalation via Log Rotation Race Condition
May 04, 2026
CVSS 7.8
EPSS 0.00

CVE-2026-7461 HIGH
OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials
Apr 30, 2026
CVSS 7.2
EPSS 0.00

CVE-2026-7426 HIGH
Out-of-Bounds Write via Unsanitized Prefix Length in Router Advertisement Processing in FreeRTOS-Plus-TCP
Apr 29, 2026
CVSS 8.1
EPSS 0.00

CVE-2026-7425 MEDIUM
Out-of-Bounds Read in Router Advertisement Option Parser in FreeRTOS-Plus-TCP
Apr 29, 2026
CVSS 6.5
EPSS 0.00

CVE-2026-7424 HIGH
Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP
Apr 29, 2026
CVSS 8.1
EPSS 0.00

CVE-2026-7423 MEDIUM
Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP
Apr 29, 2026
CVSS 5.3
EPSS 0.00

CVE-2026-7422 MEDIUM
MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing
Apr 29, 2026
CVSS 6.5
EPSS 0.00

CVE-2026-6968 MEDIUM
Multiple Path Traversal Variants in awslabs/tough
Apr 24, 2026
CVSS 5.9
EPSS 0.00

CVE-2026-6967 MEDIUM
Missing Delegated Metadata Validation in awslabs/tough
Apr 24, 2026
CVSS 5.9
EPSS 0.00

CVE-2026-6966 MEDIUM
Signature Threshold Bypass in awslabs/tough Delegated Roles
Apr 24, 2026
CVSS 5.3
EPSS 0.00

CVE-2026-31431 HIGH KEV
crypto: algif_aead - Revert to operating out-of-place
Apr 22, 2026
CVSS 7.8
EPSS 0.03

CVE-2026-6437 MEDIUM
AWS EFS CSI Driver Mount Option Injection
Apr 17, 2026
CVSS 6.5
EPSS 0.00

CVE-2026-5709 HIGH
AWS Research and Engineering Studio (RES) FileBrowser Command Injection
Apr 06, 2026
CVSS 8.8
EPSS 0.00

CVE-2026-5708 HIGH
Improper Control of User-Modifiable Attributes in RES CreateSession API
Apr 06, 2026
CVSS 8.8
EPSS 0.00

CVE-2026-5707 HIGH
Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)
Apr 06, 2026
CVSS 8.8
EPSS 0.00

CVE-2026-5485 HIGH
OS command injection in Amazon Athena ODBC driver on Linux
Apr 03, 2026
CVSS 7.8
EPSS 0.00

CVE-2026-35562 HIGH
Allocation of resources without limits in parsing components in Amazon Athena ODBC driver
Apr 03, 2026
CVSS 7.5
EPSS 0.00

CVE-2026-35561 HIGH
Insufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driver
Apr 03, 2026
CVSS 7.4
EPSS 0.00

CVE-2026-35560 HIGH
Improper certificate validation in identity provider connection components in Amazon Athena ODBC driver
Apr 03, 2026
CVSS 7.4
EPSS 0.00

CVE-2026-35559 MEDIUM
Out-of-bounds write in query processing components in Amazon Athena ODBC driver
Apr 03, 2026
CVSS 6.5
EPSS 0.00

CVE-2026-35558 HIGH
Improper neutralization of special elements in authentication components in Amazon Athena ODBC driver
Apr 03, 2026
CVSS 7.8
EPSS 0.00

CVE-2026-4269 HIGH
Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
Mar 16, 2026
CVSS 7.5
EPSS 0.00

CVE-2026-4270 MEDIUM
AWS API MCP Server 0.2.14-1.3.8 - File Access Restriction Bypass
Mar 16, 2026
CVSS 5.5
EPSS 0.00

CVE-2026-3494 MEDIUM
MariaDB <=11.8.5 - Audit Log Bypass
Mar 03, 2026
CVSS 4.3
EPSS 0.00