浏览 23+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6550 | Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python | AWS | AWS Encryption SDK for Python | Medium | 4.7 | 2026-04-20 19:20:23 | Deep Dive |
| CVE-2026-1778 | TLS disabled by default in select aws/sagemaker-python-sdk configurations | AWS | SageMaker Python SDK | Medium | 5.9 | 2026-02-02 20:14:58 | Deep Dive |
| CVE-2026-1777 | Cleartext transmission of sensitive materials in aws/sagemaker-python-sdk | AWS | SageMaker Python SDK | High | 7.2 | 2026-02-02 20:10:03 | Deep Dive |
| CVE-2026-22611 | AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value | aws | aws-sdk-net | Low | 3.7 | 2026-01-10 05:37:08 | Deep Dive |
| CVE-2025-14762 | AWS SDK for Ruby 安全漏洞 | AWS | AWS SDK for Ruby | Medium | 5.3 | 2025-12-17 20:15:58 | Deep Dive |
| CVE-2025-14761 | Amazon AWS SDK for PHP 安全漏洞 | AWS | AWS SDK for PHP | Medium | 5.3 | 2025-12-17 20:13:55 | Deep Dive |
| CVE-2025-14760 | AWS SDK for C++ 安全漏洞 | AWS | AWS SDK for C++ | Medium | 5.3 | 2025-12-17 20:11:37 | Deep Dive |
| CVE-2025-0508 | MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk | aws | aws/sagemaker-python-sdk | 中危 | - | 2025-03-20 10:11:31 | Deep Dive |
| CVE-2024-34072 | Deserialization of Untrusted Data in sagemaker-python-sdk | aws | sagemaker-python-sdk | High | 7.8 | 2024-05-03 10:13:25 | Deep Dive |
| CVE-2024-34073 | Command Injection in sagemaker-python-sdk | aws | sagemaker-python-sdk | High | 7.8 | 2024-05-03 10:11:12 | Deep Dive |
| CVE-2023-51651 | Potential URI resolution path traversal in the AWS SDK for PHP | aws | aws-sdk-php | Medium | 6.0 | 2023-12-22 21:03:01 | Deep Dive |
| CVE-2023-30610 | AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending | awslabs | aws-sdk-rust | Medium | 5.5 | 2023-04-19 17:18:55 | Deep Dive |
| CVE-2022-2582 | Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go | github.com/aws/aws-sdk-go | github.com/aws/aws-sdk-go/service/s3/s3crypto | 中危 | - | 2022-12-27 21:13:47 | Deep Dive |
| CVE-2022-4725 | AWS SDK XML Parser XpathUtils.java XpathUtils server-side request forgery | - | AWS SDK | Medium | 5.5 | 2022-12-24 00:00:00 | Deep Dive |
| CVE-2022-31159 | Partial Path Traversal in com.amazonaws:aws-java-sdk-s3 | aws | aws-sdk-java | High | 7.9 | 2022-07-15 17:45:12 | Deep Dive |
| CVE-2021-40831 | Missing SNI validation and inconsistent CA override function behavior within AWS IoT Device SDKs on Apple devices | Amazon Web Services | AWS IoT Device SDK v2 for Java | Medium | 6.3 | 2021-11-22 23:41:19 | Deep Dive |
| CVE-2021-40830 | Inconsistent CA override function behavior within AWS IoT Device SDKs on Unix systems | Amazon Web Services | AWS IoT Device SDK v2 for Java | Medium | 6.3 | 2021-11-22 23:41:18 | Deep Dive |
| CVE-2021-40829 | TLS hostname validation issues within AWS IoT Device SDKs on macOS | Amazon Web Services | AWS IoT Device SDK v2 for Java | Medium | 6.3 | 2021-11-22 23:41:17 | Deep Dive |
| CVE-2021-40828 | TLS hostname validation issues within AWS IoT Device SDKs on Windows | Amazon Web Services | AWS IoT Device SDK v2 for Java | Medium | 6.3 | 2021-11-22 23:41:16 | Deep Dive |
| CVE-2020-28472 | Prototype Pollution | - | @aws-sdk/shared-ini-file-loader | High | 7.3 | 2021-01-19 10:25:15 | Deep Dive |