| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4171 | CodeGenieApp serverless-express API Endpoint TodoList.ts authorization | CodeGenieApp | serverless-express | Medium | 6.3 | 2026-03-15 08:02:08 | Deep Dive |
| CVE-2026-3992 | CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection | CodeGenieApp | serverless-express | Medium | 6.3 | 2026-03-12 05:32:10 | Deep Dive |
| CVE-2024-4027 | Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks | Red Hat | OpenShift Serverless | High | 7.5 | 2026-01-30 14:25:54 | Deep Dive |
| CVE-2025-69256 | serverless MCP Server vulnerable to command injection in list-projects tool | serverless | serverless | High | 7.5 | 2025-12-30 19:05:25 | Deep Dive |
| CVE-2024-3884 | Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded | Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | High | 7.5 | 2025-12-03 18:40:26 | Deep Dive |
| CVE-2025-61584 | serverless-dns is vulnerable to Command Injection through pr.yml GitHub Action Workflow | serverless-dns | serverless-dns | - | - | 2025-09-30 00:12:24 | Deep Dive |
| CVE-2025-10894 | Nx: nx/devkit: malicious versions of nx and plugins published to npm | - | - | Critical | 9.6 | 2025-09-24 21:20:31 | Deep Dive |
| CVE-2025-8556 | Github.com/cloudflare/circl: circl-fourq: missing and wrong validation can lead to incorrect results | - | - | Low | 3.7 | 2025-08-06 08:48:18 | Deep Dive |
| CVE-2025-3048 | Path Traversal in AWS SAM CLI allows file copy to local cache | AWS | AWS Serverless Application Model Command Line Interface | Medium | 6.5 | 2025-03-31 15:21:16 | Deep Dive |
| CVE-2025-3047 | Path Traversal in AWS SAM CLI allows file copy to build container | AWS | AWS Serverless Application Model Command Line Interface | Medium | 6.5 | 2025-03-31 15:21:11 | Deep Dive |
| CVE-2024-11831 | Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript | - | - | Medium | 5.4 | 2025-02-10 15:27:47 | Deep Dive |
| CVE-2024-12401 | Cert-manager: potential dos when parsing specially crafted pem inputs | - | - | Medium | 4.4 | 2024-12-12 09:06:04 | Deep Dive |
| CVE-2024-9355 | Golang-fips: golang fips zeroed buffer | - | - | Medium | 6.5 | 2024-10-01 18:17:29 | Deep Dive |
| CVE-2024-3653 | Undertow: learningpushhandler can lead to remote memory dos attacks | - | - | Medium | 5.3 | 2024-07-08 21:21:21 | Deep Dive |
| CVE-2024-3727 | Containers/image: digest type does not guarantee valid type | - | - | High | 8.3 | 2024-05-09 14:57:21 | Deep Dive |
| CVE-2023-5675 | Quarkus: authorization flaw in quarkus resteasy reactive and classic when "quarkus.security.jaxrs.deny-unannotated-endpoints" or "quarkus.security.jaxrs.default-roles-allowed" properties are used. | - | - | Medium | 6.5 | 2024-04-25 15:44:56 | Deep Dive |
| CVE-2024-1300 | Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support | - | - | Medium | 5.4 | 2024-04-02 07:33:05 | Deep Dive |
| CVE-2024-1023 | Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx | - | - | Medium | 6.5 | 2024-03-27 07:51:16 | Deep Dive |
| CVE-2024-1394 | Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads | Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 | High | 7.5 | 2024-03-21 12:16:39 | Deep Dive |
| CVE-2024-1635 | Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol | - | - | High | 7.5 | 2024-02-19 21:23:14 | Deep Dive |