Latest vulnerabilities for vendor "amazon"

Where

Sort:

Software

amazon kindle

amazon freertos

amazon fire os

amazon opensearch

amazon freertos-plus-tcp

amazon blink xt2 sync module

amazon blink xt2 sync module firmware

amazon kindle fire hd

amazon alexa

amazon athena odbc

amazon amazon athena odbc driver

amazon payfort-php-sdk

amazon amazon linux

amazon amazon web services internet of things device software development kit v2 c\+\+

amazon amazon web services internet of things device software development kit v2 java

amazon amazon web services internet of things device software development kit v2 node.js

amazon amazon web services internet of things device software development kit v2 python

amazon aws client vpn

amazon aws software development kit

amazon firecracker

amazon opensearch notifications

amazon web services

amazon amazon web services aws-c-io

amazon aws cloudformation

amazon aws libcrypto

amazon aws-lc-sys rust

amazon echo dot

amazon fire tv stick 3rd gen

amazon hotpatch

amazon research and engineering studio

amazon tough rust

amazon tuftool rust

amazon web services (aws)

amazon workspaces client

amazon audible

amazon aws labs sandbox accounts

amazon flexible payments service

amazon ion

amazon kindle firmware

amazon amazon ecs agent

amazon amazon ecs container agent

amazon amazon key

amazon amazon key firmware

amazon amazon products to woocommerce

amazon amazon redshift jdbc driver

amazon amazon s3

Amazon rabbitmq-awsArbitrary file read in rabbitmq-aws plugin

Risk 32

Severity

8.3

EPSS

0.02%

First published (updated )

CVE-2026-9133

Amazon coreMQTTDoS from MQTT v5.0 Deserialization Fault in core MQTT

Risk 33

Severity

8.7

EPSS

0.03%

First published (updated )

CVE-2026-8686

Amazon Amazon Redshift JDBC DriverRemote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

Risk 55

Severity

9.2

EPSS

0.03%

First published (updated )

CVE-2026-8178

The RegisterAttackers are cashing in on fresh 'CopyFail' Linux flaw

Exploited

First published (updated )

News

The Register

BleepingComputerCISA says ‘Copy Fail’ flaw now exploited to root Linux systems

Exploited

First published (updated )

News

BleepingComputer

Amazon Amazon ECS AgentOS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

Risk 49

Severity

7.5

EPSS

0.04%

First published (updated )

CVE-2026-7461

BleepingComputerNew Linux ‘Copy Fail’ flaw gives hackers root on major distros

Exploited

First published (updated )

News

BleepingComputer

Amazon Freertos-plus-tcpOut-of-Bounds Write via Unsanitized Prefix Length in Router Advertisement Processing in FreeRTOS-Plus-TCP

Risk 43

Severity

6.1

EPSS

0.02%

First published (updated )

CVE-2026-7426

Amazon Freertos-plus-tcpOut-of-Bounds Read in Router Advertisement Option Parser in FreeRTOS-Plus-TCP

Risk 27

Severity

EPSS

0.02%

First published (updated )

CVE-2026-7425

Amazon Freertos-plus-tcpInteger Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP

Risk 43

Severity

7.2

EPSS

0.02%

First published (updated )

CVE-2026-7424

Amazon Freertos-plus-tcpInteger Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP

Risk 27

Severity

EPSS

0.02%

First published (updated )

CVE-2026-7423

Amazon Freertos-plus-tcpMAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing

Risk 29

Severity

7.1

EPSS

0.03%

First published (updated )

CVE-2026-7422

awslabs toughMultiple Path Traversal Variants in awslabs/tough

Risk 34

Severity

7.1

EPSS

0.08%

First published (updated )

CVE-2026-6968

awslabs toughMissing Delegated Metadata Validation in awslabs/tough

Risk 34

Severity

7.1

EPSS

0.02%

First published (updated )

CVE-2026-6967

awslabs toughSignature Threshold Bypass in awslabs/tough Delegated Roles

Risk 27

Severity

EPSS

0.02%

First published (updated )

CVE-2026-6966

SUSE Linux Enterprise ServerLinux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Risk 91

Severity

7.8

Exploited

Trending

Year

First published (updated )

CVE-2026-31431

Amazon Research and Engineering StudioAWS Research and Engineering Studio (RES) FileBrowser Command Injection

Risk 56

Severity

7.7

EPSS

0.10%

First published (updated )

CVE-2026-5709

Amazon Research and Engineering StudioImproper Control of User-Modifiable Attributes in RES CreateSession API

Risk 56

Severity

8.7

EPSS

0.04%

First published (updated )

CVE-2026-5708

Amazon Research and Engineering StudioCommand Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)

Risk 56

Severity

8.7

EPSS

0.11%

First published (updated )

CVE-2026-5707

Amazon Web Services Amazon Athena ODBC DriverImproper neutralization of special elements in authentication components in Amazon Athena ODBC driver

Risk 68

Severity

7.3

First published (updated )

CVE-2026-35558

Amazon Amazon Athena ODBC DriverOut-of-bounds write in query processing components in Amazon Athena ODBC driver

Risk 40

Severity

7.1

First published (updated )

CVE-2026-35559

Amazon Amazon Athena ODBC DriverOS command injection in Amazon Athena ODBC driver on Linux

Risk 51

Severity

7.3

EPSS

0.10%

First published (updated )

CVE-2026-5485

Amazon Amazon Athena ODBC DriverAllocation of resources without limits in parsing components in Amazon Athena ODBC driver

Risk 47

Severity

8.7

First published (updated )

CVE-2026-35562

Amazon Amazon Athena ODBC DriverInsufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driver

Risk 86

Severity

9.1

First published (updated )

CVE-2026-35561

Amazon Amazon Athena ODBC DriverImproper certificate validation in identity provider connection components in Amazon Athena ODBC driver

Risk 63

Severity

9.1

First published (updated )

CVE-2026-35560

Amazon aws-c-event-streamAWS C Event Stream Streaming Decoder Stack Buffer Overflow

Risk 50

Severity

7.7

EPSS

0.02%

First published (updated )

CVE-2026-5190

Amazon aws-mcp-server(0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability

Risk 86

Severity

9.8

First published (updated )

Advisory

ZDI-26-246

Amazon AWS-LCCRL Distribution Point Scope Check Logic Error in AWS-LC

Risk 44

Severity

9.1

EPSS

0.02%

First published (updated )

CVE-2026-4428

we found a memory exhaustion CVE in a library downloaded 29 million times a month. AWS, DataHub, and Lightning AI are in the blast radius.

First published (updated )

Social

npm/bedrock-agentcore-starter-toolkitImproper S3 ownership verification in Bedrock AgentCore Starter Toolkit

Risk 51

Severity

5.8

EPSS

0.05%

First published (updated )

CVE-2026-4269

Trending

Vendor Risk Score

Software

Amazon rabbitmq-awsArbitrary file read in rabbitmq-aws plugin

Amazon coreMQTTDoS from MQTT v5.0 Deserialization Fault in core MQTT

Amazon Amazon Redshift JDBC DriverRemote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

The RegisterAttackers are cashing in on fresh 'CopyFail' Linux flaw

BleepingComputerCISA says ‘Copy Fail’ flaw now exploited to root Linux systems

Don't miss critical vulnerabilities

Amazon Amazon ECS AgentOS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

BleepingComputerNew Linux ‘Copy Fail’ flaw gives hackers root on major distros

Amazon Freertos-plus-tcpOut-of-Bounds Write via Unsanitized Prefix Length in Router Advertisement Processing in FreeRTOS-Plus-TCP

Amazon Freertos-plus-tcpOut-of-Bounds Read in Router Advertisement Option Parser in FreeRTOS-Plus-TCP

Amazon Freertos-plus-tcpInteger Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP

Don't miss critical vulnerabilities

Amazon Freertos-plus-tcpInteger Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP

Amazon Freertos-plus-tcpMAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing

awslabs toughMultiple Path Traversal Variants in awslabs/tough

awslabs toughMissing Delegated Metadata Validation in awslabs/tough

awslabs toughSignature Threshold Bypass in awslabs/tough Delegated Roles

Don't miss critical vulnerabilities

SUSE Linux Enterprise ServerLinux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Amazon Research and Engineering StudioAWS Research and Engineering Studio (RES) FileBrowser Command Injection

Amazon Research and Engineering StudioImproper Control of User-Modifiable Attributes in RES CreateSession API

Amazon Research and Engineering StudioCommand Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)

Amazon Web Services Amazon Athena ODBC DriverImproper neutralization of special elements in authentication components in Amazon Athena ODBC driver

Don't miss critical vulnerabilities

Amazon Amazon Athena ODBC DriverOut-of-bounds write in query processing components in Amazon Athena ODBC driver

Amazon Amazon Athena ODBC DriverOS command injection in Amazon Athena ODBC driver on Linux

Amazon Amazon Athena ODBC DriverAllocation of resources without limits in parsing components in Amazon Athena ODBC driver

Amazon Amazon Athena ODBC DriverInsufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driver

Amazon Amazon Athena ODBC DriverImproper certificate validation in identity provider connection components in Amazon Athena ODBC driver

Don't miss critical vulnerabilities

Amazon aws-c-event-streamAWS C Event Stream Streaming Decoder Stack Buffer Overflow

Amazon aws-mcp-server(0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability

Amazon AWS-LCCRL Distribution Point Scope Check Logic Error in AWS-LC

we found a memory exhaustion CVE in a library downloaded 29 million times a month. AWS, DataHub, and Lightning AI are in the blast radius.

npm/bedrock-agentcore-starter-toolkitImproper S3 ownership verification in Bedrock AgentCore Starter Toolkit

Don't miss critical vulnerabilities

Company

Resources

Contact