735 matches found
CVE-2026-60090
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store createcollection backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value declared as int but not enforced at runtime is...
EUVD-2026-43175
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store createcollection backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value declared as int but not enforced at runtime is...
CVE-2026-60090 PraisonAI before 4.6.78 SQL/CQL Injection via vector dimension
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store createcollection backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value declared as int but not enforced at runtime is...
GHSA-JHQ6-GFMJ-V8FX vulnerabilities
Vulnerabilities for packages: airbyte-server-fips, ontop, localstack, cassandra-fips, sonar-scanner-cli, trino, apache-nifi, management-api-for-apache-cassandra-4.1, zookeeper-fips, cassandra, nacos-docker, kserve-modelmesh, management-api-for-apache-cassandra-5.0,...
CVE-2026-10532 vulnerabilities
Vulnerabilities for packages: airbyte-server-fips, ontop, localstack, cassandra-fips, sonar-scanner-cli, trino, apache-nifi, management-api-for-apache-cassandra-4.1, zookeeper-fips, cassandra, nacos-docker, kserve-modelmesh, management-api-for-apache-cassandra-5.0,...
CVE-2026-10532 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, nextflow, apache-nifi-registry, akhq, zookeeper, sonar-scanner-cli, thingsboard, trino, apache-nifi, cassandra-reaper, cassandra, kserve-modelmesh, keycloak-config-cli...
GHSA-JHQ6-GFMJ-V8FX vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, nextflow, apache-nifi-registry, akhq, zookeeper, sonar-scanner-cli, thingsboard, trino, apache-nifi, cassandra-reaper, cassandra, kserve-modelmesh, keycloak-config-cli...
GO-2026-5467 Authorizer: CQL/N1QL Injection in Cassandra and Couchbase Backends via fmt.Sprintf String Interpolation in github.com/authorizerdev/authorizer
Authorizer: CQL/N1QL Injection in Cassandra and Couchbase Backends via fmt.Sprintf String Interpolation in github.com/authorizerdev/authorizer...
CVE-2026-47846
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRAUSER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...
CVE-2026-47846
Bitnami Cassandra container images are affected by a retained default superuser vulnerability: when CASSANDRA_USER is customized, the init script creates a new superuser but may not drop the built-in cassandra account, leaving cassandra:cassandra active as an unintended access path. This can allo...
CVE-2026-47846
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRAUSER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...
CVE-2026-47846
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRAUSER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...
BIT-CASSANDRA-2026-47846 Default superuser cassandra:cassandra left active when CASSANDRA_USER is customized
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRAUSER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...
PT-2026-50715
Name of the Vulnerable Software and Affected Versions Bitnami Cassandra container images versions 4.0.x prior to 4.0.20-photon-5-r7 Bitnami Cassandra container images versions 4.1.x prior to 4.1.11-photon-5-r7 Bitnami Cassandra container images versions 5.0.x prior to 5.0.8-photon-5-r4 /...
ROOT-APP-MAVEN-CVE-2026-27314 CVE-2026-27314 in io.root.org.apache.cassandra:cassandra-all - Patched by Root
Root has patched CVE-2026-27314 in the io.root.org.apache.cassandra:cassandra-all package for Root:Maven. Multiple fixed versions available...
CVE-2026-50010 vulnerabilities
Vulnerabilities for packages: kafka, neo4j, opensearch, pinot-fips, docker-selenium, spark-kubernetes-operator-fips, wazuh-indexer, druid, request-9047-keycloak-fips, apache-pulsar, cassandra, infinispan, logstash, kserve-modelmesh, kayenta-fips, strimzi-kafka-operator-fips,...
GHSA-C653-97M9-RCG9 vulnerabilities
Vulnerabilities for packages: kafka, neo4j, opensearch, pinot-fips, docker-selenium, spark-kubernetes-operator-fips, wazuh-indexer, druid, request-9047-keycloak-fips, apache-pulsar, cassandra, infinispan, logstash, kserve-modelmesh, kayenta-fips, strimzi-kafka-operator-fips,...
CVE-2026-50010 vulnerabilities
Vulnerabilities for packages: tez, management-api-for-apache-cassandra-5.0, docker-selenium, solr, apache-pulsar, opensearch, spark, kserve-modelmesh, neo4j, druid, thingsboard, logstash, cassandra, infinispan...
GHSA-C653-97M9-RCG9 vulnerabilities
Vulnerabilities for packages: tez, management-api-for-apache-cassandra-5.0, docker-selenium, solr, apache-pulsar, opensearch, spark, kserve-modelmesh, neo4j, druid, thingsboard, logstash, cassandra, infinispan...
CVE-2026-46340 vulnerabilities
Vulnerabilities for packages: apache-hop-fips, celeborn, pinot, thingsboard, trino, management-api-for-apache-cassandra-4.1, pinot-fips, tez, seata, apache-hop, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0...