Lucene search
K

11263 matches found

Nuclei
Nuclei
added yesterday169 views

SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting

SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser. id: CVE-2021-42063 info: name: SAP Knowledge Warehouse =7.5.1 to mitigate the XSS vulnerability. reference: -...

6.1CVSS6.8AI score0.22318EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday230 views

PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting

PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. id: CVE-2022-24181 info: name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting author: lucasljm2001,ekrause severit...

6.1CVSS6.7AI score0.0608EPSS
Exploits3References5
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-59098 LobeChat 2.2.9 - Cross-User Document Disclosure via Unscoped RAG Semantic Search

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

7.1CVSS0.00238EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41429

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-59098

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References5
Patchstack
Patchstack
added 6 days ago4 views

WordPress weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin weDocs versions = 2.3.0...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References1Affected Software1
Kaspersky
Kaspersky
added 6 days ago4 views

KLA91128 PE vulnerability in Microsoft Apps

Privilege escalation vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2026-41106 Exploitation Related products Microsoft-365 CVE list CVE-2026-41106 unknown Solution Install necessary updates from the KB section,...

9.3CVSS5.9AI score0.00542EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-377 Langflow Knowledge Bases API is Vulnerable to Path Traversal

Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit thi...

9.6CVSS6AI score0.04417EPSS
Exploits1References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-324 DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

9.1CVSS7.5AI score0.00769EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/29 12:31 a.m.7 views

EUVD-2026-40006

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.uploadfile/FileHandler.removefile of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal. The attack can be executed remotely...

6.5CVSS6.1AI score0.00294EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/28 10:0 p.m.28 views

CVE-2026-13509 RAGapp Knowledge File files.py FileHandler.remove_file path traversal

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.uploadfile/FileHandler.removefile of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal. The attack can be executed remotely...

6.5CVSS0.00294EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.11 views

PT-2026-53165

Name of the Vulnerable Software and Affected Versions RAGapp versions prior to 0.1.6 Description A path traversal issue exists in the Knowledge File Handler component. This flaw allows remote attackers to manipulate files via the FileHandler.upload file and FileHandler.remove file functions locat...

6.5CVSS6.6AI score0.00294EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/23 9:53 p.m.10 views

Important: Red Hat Security Advisory: Red Hat Offline Knowledge Portal security and content update

Red Hat Offline Knowledge Portal security fixes & content update This Red Hat Offline Knowledge Portal fixes several Solr-related CVEs. It also includes content updates as of June 16 2026...

8.1CVSS5.8AI score0.00686EPSS
Exploits0References8
NVD
NVD
added 2026/06/23 6:18 p.m.15 views

CVE-2026-54016

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization BOLA vulnerability in the builtin searchknowledgefiles tool. When native function calling is enabled and the selected model has no...

4.3CVSS0.00226EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 5:16 p.m.4 views

CVE-2026-42867

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API POST /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are used directly to create file paths without...

6.5CVSS0.00313EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 4:47 p.m.18 views

CVE-2026-54012

CVE-2026-54012 pertains to Open WebUI. Before version 0.9.6, a user with model-creation/update/import rights could attach forged meta.knowledge entries of type file to their model. The system then trusts these entries as authorization sources, enabling a cross-user read and deletion of private fi...

7.1CVSS6AI score0.00198EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 4:47 p.m.39 views

CVE-2026-54012 Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the...

7.1CVSS0.00198EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:43 p.m.17 views

CVE-2026-54016

CVE-2026-54016 : Open WebUI (self-hosted offline AI platform) suffers a Broken Object Level Authorization in the builtin search_knowledge_files tool. When native function calling is enabled and a model has no attached knowledge bases, an authenticated user can supply an arbitrary knowledge_id and...

4.3CVSS6AI score0.00226EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 4:43 p.m.35 views

CVE-2026-54016 Open WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization BOLA vulnerability in the builtin searchknowledgefiles tool. When native function calling is enabled and the selected model has no...

4.3CVSS0.00226EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:29 p.m.34 views

CVE-2026-42867 Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API POST /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are used directly to create file paths without...

6.5CVSS0.00313EPSS
Exploits1References2
Rows per page
Query Builder