Lucene search

23 matches found

SUSE CVE
added 2026/03/25 12:25 a.m., 1 view

SUSE CVE-2026-30247

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive UR...

CVSS 7.5 | AI score 5.8 | EPSS 0.00027
Exploits: 1 | References: 3

SUSE CVE
added 2026/03/25 12:25 a.m., 2 views

SUSE CVE-2026-30859

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

CVSS 6.5 | AI score 5.8 | EPSS 0.00071
Exploits: 0 | References: 3

SUSE CVE
added 2026/03/25 12:25 a.m., 2 views

SUSE CVE-2026-30860

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

CVSS 9.9 | AI score 6.6 | EPSS 0.0024
Exploits: 1 | References: 3

RedhatCVE
added 2026/03/09 8:2 a.m., 3 views

CVE-2026-30247

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive UR...

CVSS 7.5 | AI score 5.7 | EPSS 0.00027
Exploits: 1 | References: 1

ATTACKERKB
added 2026/03/07 4:36 p.m., 3 views

CVE-2026-30860

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

CVSS 9.9 | AI score 6.4 | EPSS 0.0024
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2026/03/07 4:36 p.m., 11 views

CVE-2026-30860

Summary: CVE-2026-30860 is reserved in Initial; however, connected advisory GHSA-8W32-6MRW-Q5WV details a critical remote code execution (RCE) through SQL injection bypass in WeKnora’s AI Database Query Tool. The root cause is incomplete AST validation in a PostgreSQL query validator: Phase 5 doe...

CVSS 9.9 | AI score 6.4 | EPSS 0.0024
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/03/07 4:35 p.m., 1 view

CVE-2026-30859

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

CVSS 5.3 | AI score 5.8 | EPSS 0.00071
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/07 4:35 p.m., 0 views

CVE-2026-30859 WeKnora: Broken Access Control - Cross-Tenant Data Exposure

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

CVSS 5.3 | AI score 5.8 | EPSS 0.00071
Exploits: 0 | References: 1

CVE
added 2026/03/07 3:33 a.m., 9 views

CVE-2026-30247

WeKnora (LLM-powered document framework) prior to version 0.2.12 is vulnerable to SSRF via HTTP redirects during the Import document via URL flow. Backend URL validation blocks private IPs, loopback, reserved hostnames, and cloud metadata, but redirect targets are not validated, enabling bypass t...

CVSS 7.5 | AI score 5.7 | EPSS 0.00027
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/03/07 3:33 a.m., 3 views

CVE-2026-30247

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive UR...

CVSS 5.9 | AI score 5.7 | EPSS 0.00027
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/03/07 3:33 a.m., 1 view

CVE-2026-30247 WeKnora: SSRF via Redirection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive UR...

CVSS 5.9 | AI score 5.7 | EPSS 0.00027
Exploits: 1 | References: 3

Vulnrichment
added 2026/03/07 3:33 a.m., 2 views

CVE-2026-30247 WeKnora: SSRF via Redirection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive UR...

CVSS 5.9 | AI score 5.7 | EPSS 0.00027
Exploits: 1 | References: 1

CNNVD
added 2026/03/07 12:0 a.m., 5 views

WeKnora SQL Injection Vulnerability

WeKnora is an open-source framework based on LLM developed by Tencent. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Prior to version 0.2.12, WeKnora had a SQL injection vulnerability. This vulnerability stemmed from the database...

CVSS 9.9 | AI score 7.9 | EPSS 0.0024
Exploits: 1 | References: 1

CNNVD
added 2026/03/07 12:0 a.m., 2 views

WeKnora Access Control Error Vulnerability

WeKnora is an open-source framework based on LLM developed by Tencent. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Prior to version 0.2.12, WeKnora had an access control vulnerability. This vulnerability stemmed from an access...

CVSS 6.5 | AI score 7.3 | EPSS 0.00071
Exploits: 0 | References: 2

Snyk
added 2026/03/05 9:49 p.m., 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the NewWebFetchTool function and IsSSRFSafeURL implementation in security.go. An attacker can access internal services and sensitive data by submitting a URL that redirects to restricted internal...

CVSS 8.7 | AI score 5.8 | EPSS 0.00027
Exploits: 1 | References: 2

Snyk
added 2026/03/05 9:49 p.m., 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the NewWebFetchTool function and IsSSRFSafeURL implementation in security.go. An attacker can access internal services and sensitive data by submitting a URL that redirects to restricted internal...

CVSS 8.7 | AI score 5.8 | EPSS 0.00027
Exploits: 1 | References: 2

vulnersOsv
added 2025/06/10 6:36 a.m., 4 views

@8sistemas/design-system (>=0.6.0 <=0.7.0), @adaptui/react-native-tailwind (>=1.0.0 <=1.0.0-alpha.13) +275 more potentially affected by unknown CVE via @react-native-aria/utils (>=0.2.10 <=0.2.12)

@react-native-aria/utils NPM version =0.2.10, =0.6.0, =1.0.0, =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.5.0-alpha.2, =0.1.0-alpha2, =1.2.0, =0.0.1-alpha.1, =0.0.1-alpha.1, =0.0.1-beta.8 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-4792...

AI score 5.8
Exploits: 0

vulnersOsv
added 2022/06/07 12:0 p.m., 1 view

abc (>=0.1.0 <=0.2.3), aerospike (>=0.0.1 <=1.3.0) +323 more potentially affected by unknown CVE via crossbeam (>=0.1.6 <=0.2.12)

crossbeam CARGO version =0.1.6, =0.1.0, =0.0.1, =0.5.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.4.0, =0.4.0, =0.4.0, =0.0.6, =0.0.9 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0029...

AI score 5.8
Exploits: 0

OpenVAS
added 2022/05/17 12:0 a.m., 14 views

openSUSE: Security Advisory for libwmf (SUSE-SU-2022:1516-1)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 8.2 | EPSS 0.02941
Exploits: 0 | References: 2

OSV
added 2021/12/13 1:15 a.m., 1 view

DEBIAN-CVE-2021-44847

A stack-based buffer overflow in handlerequest function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 caused by an improper length calculation during the handling of received network packets allows remote attackers to crash the process or potentially execute arbitrary code via...

CVSS 9.8 | AI score 9.5 | EPSS 0.03947
Exploits: 1 | References: 1