14 matches found
Microsoft Semantic Kernel Code Injection Vulnerability
Microsoft Semantic Kernel is a large model orchestration framework from Microsoft Corporation, USA. A code injection vulnerability exists in Microsoft Semantic Kernel versions prior to 1.39.4. The vulnerability stems from the InMemoryVectorStore filtering feature failing to properly filter specia...
Arbitrary Code Injection
Overview semantic-kernel is a Semantic Kernel Python SDK Affected versions of this package are vulnerable to Arbitrary Code Injection via the InMemoryVectorStore filter functionality due to lack of filtering for dangerous dunder attributes. An attacker can escape the sandbox and execute arbitrary...
GHSA-XJW9-4GW8-4RQX Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Impact: An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. Patches: The problem has been fixed in python-1.39.4. Users should upgrade this version or higher. Workarounds: Avoid using InMemoryVectorSto...
Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Impact: An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. Patches: The problem has been fixed in python-1.39.4. Users should upgrade this version or higher. Workarounds: Avoid using InMemoryVectorSto...
PYSEC-2026-163
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
CVE-2026-26030
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
Microsoft Semantic Kernel 代码注入漏洞
Microsoft Semantic Kernel is a large model orchestration framework from Microsoft Corporation, USA. A code injection vulnerability exists in Microsoft Semantic Kernel versions prior to 1.39.4. The vulnerability stems from the InMemoryVectorStore filtering feature failing to properly filter specia...
PT-2026-20868
Name of the Vulnerable Software and Affected Versions Semantic Kernel Python SDK versions prior to 1.39.4 Description A remote code execution issue exists within the InMemoryVectorStore filter functionality. The flaw occurs in the InMemoryCollection. parse and validate filter function, where a...
MiracleLinux 9 : buildah-1.39.4-2.el9_6 (AXSA:2025-10547:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10547:03 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
PT-2023-8948 · Mediawiki +2 · Wikibase +2
Name of the Vulnerable Software and Affected Versions: Wikibase extension for MediaWiki versions 1.35.x through 1.35.11 Wikibase extension for MediaWiki versions 1.36.x through 1.39.4 Wikibase extension for MediaWiki versions 1.40.x through 1.40.0 Description: An issue was discovered in the...
MediaWiki < 1.35.11, 1.36.x < 1.38.7, 1.39.x < 1.39.4 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
Design/Logic Flaw
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...