Lucene search
+L

16 matches found

nvd
nvd
added last week4 views

CVE-2026-55405

LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys, and in MariaDB string values, directly int...

7.6CVSS0.00348EPSS
Exploits0References7
cve
cve
added last week30 views

CVE-2026-55405

LangChain4j contains a SQL injection vulnerability in the embedding stores for MariaDB and pgvector. Prior to versions 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, metadata filter keys (and, for MariaDB, some string values) are concatenated directly into SQL in EmbeddingSearchRequ...

7.6CVSS6.2AI score0.00348EPSS
Exploits0References7
cvelist
cvelist
added last week31 views

CVE-2026-55405 LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector

LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys, and in MariaDB string values, directly int...

7.6CVSS0.00348EPSS
Exploits0References7
osv
osv
added last week3 views

CVE-2026-55405 LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector

LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys, and in MariaDB string values, directly int...

7.6CVSS6.2AI score0.00348EPSS
Exploits0References9
osv
osv
added 2026/07/06 9:34 a.m.3 views

CVE-2026-49042 Apache Camel: langchain4j-tools: filter tool argument headers against declared parameters

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS6.1AI score0.00399EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/06 9:34 a.m.35 views

CVE-2026-49042 Apache Camel: langchain4j-tools: filter tool argument headers against declared parameters

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue...

0.00399EPSS
Exploits0References1
github
github
added 2026/06/17 6:39 p.m.16 views

LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector

Summary The MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys and, in MariaDB, string values directly into the query without adequate escaping. A crafted metadata key in EmbeddingSearchRequest.filter can break out of its SQL context and inject...

7.6CVSS5.8AI score0.00348EPSS
Exploits0References2Affected Software2
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-2569

Malicious code in bioql PyPI...

6.9CVSS6.5AI score0.00253EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 11:34 a.m.5 views

CVE-2025-21604

LangChain4j-AIDeepin is a Retrieval enhancement generation RAG project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0...

6.9CVSS6.6AI score0.00253EPSS
Exploits0References1
nvd
nvd
added 2025/01/06 4:15 p.m.32 views

CVE-2025-21604

LangChain4j-AIDeepin is a Retrieval enhancement generation RAG project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0...

6.9CVSS0.00253EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/01/06 3:34 p.m.8 views

CVE-2025-21604 LangChain4j-AIDeepin Using MD5 to Hash files may cause file upload conflicts

LangChain4j-AIDeepin is a Retrieval enhancement generation RAG project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0...

6.9CVSS6.6AI score0.00253EPSS
Exploits0References2
cve
cve
added 2025/01/06 3:34 p.m.64 views

CVE-2025-21604

CVE-2025-21604 affects LangChain4j-AIDeepin before version 3.5.0. The root cause is the use of MD5 to hash files, which may cause file upload conflicts. The issue is fixed in 3.5.0. Remediation: upgrade to 3.5.0 (or later). Exploitation details are not provided in the available documents.

6.9CVSS6.3AI score0.00253EPSS
Exploits0References2
cvelist
cvelist
added 2025/01/06 3:34 p.m.33 views

CVE-2025-21604 LangChain4j-AIDeepin Using MD5 to Hash files may cause file upload conflicts

LangChain4j-AIDeepin is a Retrieval enhancement generation RAG project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0...

6.9CVSS0.00253EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/01/06 12:0 a.m.7 views

LangChain4j-AIDeepin 安全漏洞

LangChain4j-AIDeepin is an AI-based work efficiency improvement tool by moyangzhan's personal developer. It can be used to assist enterprises/teams in technical research and development, product design, personnel/financial/IT information consulting, system/commodity consulting, customer service...

6.9CVSS6.5AI score0.00253EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/01/06 12:0 a.m.4 views

PT-2025-4294 · Unknown · Langchain4J-Aideepin

Name of the Vulnerable Software and Affected Versions: LangChain4j-AIDeepin versions prior to 3.5.0 Description: LangChain4j-AIDeepin is a Retrieval enhancement generation RAG project. Prior to version 3.5.0, it used MD5 to hash files, which may cause file upload conflicts. Recommendations: For...

6.9CVSS7.2AI score0.00253EPSS
Exploits0References7
spring
spring
added 2024/11/12 12:0 a.m.36 views

This Week in Spring - November 12th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Spring Cloud 2024.0.0-RC1 aka Moorgate has been released In this installment of A Bootiful Podcast , I talk to Gradle developer advocate Baruch Sadogursky good news everybody! GraalVM will now support jcmd, which allows you t...

7.2AI score
Exploits0
Rows per page
Query Builder