Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aws vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2023-30610
aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The `aws_sigv4::SigningParams` struct had a derived `Debug` implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. W...
Amazon Aws-sigv4 0.2.0
Amazon Aws-sigv4 0.3.0
Amazon Aws-sigv4 0.4.1
Amazon Aws-sigv4 0.5.2
Amazon Aws-sigv4 0.6.0
Amazon Aws-sigv4 0.7.0
Amazon Aws-sigv4 0.8.0
Amazon Aws-sigv4 0.9.0
Amazon Aws-sigv4 0.10.1
Amazon Aws-sigv4 0.11.0
Amazon Aws-sigv4 0.12.0
Amazon Aws-sigv4 0.13.0
7.5
CVSSv3
CVE-2013-2474
Directory traversal vulnerability in AWS XMS 2.5 allows remote malicious users to view arbitrary files via the 'what' parameter.
Aws-dms Aws Xms 2.5
1 EDB exploit
5
CVSSv2
CVE-2015-3373
The Amazon AWS module prior to 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote malicious users to guess the token value and create backups via a crafted URL.
Amazon Aws Project Amazon Aws
7.5
CVSSv3
CVE-2018-7560
index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package prior to 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string.
Aws-lambda-multipart-parser Project Aws-lambda-multipart-parser
8
CVSSv3
CVE-2022-27198
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and previous versions allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
Jenkins Cloudbees Aws Credentials
Jenkins Cloudbees Aws Credentials 1.32
9.8
CVSSv3
CVE-2020-28472
This affects the package @aws-sdk/shared-ini-file-loader prior to 1.0.0-rc.9; the package aws-sdk prior to 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This c...
Amazon Aws Sdk For Javascipt
Amazon Aws Shared Configuration File Loader 1.0.0
1.8
CVSSv4
CVE-2025-23206
The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom ...
Aws Aws-cdk
6.5
CVSSv3
CVE-2023-35147
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and previous versions does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.
Jenkins Project Jenkins Aws Codecommit Trigger Plugin
Jenkins Aws Codecommit Trigger
6.1
CVSSv3
CVE-2019-11205
The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s...
Tibco Spotfire Analytics Platform For Aws 7.14.0
Tibco Spotfire Analytics Platform For Aws 7.14.1
Tibco Spotfire Analytics Platform For Aws 10.0.0
Tibco Spotfire Analytics Platform For Aws 10.0.1
Tibco Spotfire Analytics Platform For Aws 10.1.0
Tibco Spotfire Analytics Platform For Aws 10.2.0
Tibco Spotfire Server 7.14.0
Tibco Spotfire Server 10.0.0
Tibco Spotfire Server 10.0.1
Tibco Spotfire Server 10.1.0
Tibco Spotfire Server 10.2.0
7.8
CVSSv3
CVE-2018-1000401
Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and previous versions contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This ...
Jenkins Aws Codepipeline
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2024-13837
openanolis
shopwarden
mobatek
CVE-2024-13582
CVE-2025-25223
CVE-2025-24200
client side
CVE-2024-40591
CVE-2024-13627
type confusion
CSRF
softdiscover
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »