Lucene search
K

272 matches found

Cvelist
Cvelist
added 2026/03/18 7:36 a.m.32 views

CVE-2026-22730 CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

8.8CVSS0.00522EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/18 7:36 a.m.4 views

CVE-2026-22730 CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

8.8CVSS6.1AI score0.00522EPSS
Exploits1References1
CVE
CVE
added 2026/03/18 7:36 a.m.64 views

CVE-2026-22730

CVE-2026-22730 describes a critical SQL injection vulnerability in Spring AI’s MariaDBFilterExpressionConverter, enabling bypass of metadata-based access controls and arbitrary SQL execution. Technical details across connected sources indicate the issue stems from missing input sanitization when ...

8.8CVSS6.1AI score0.00522EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.9 views

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. VMware Spring AI has a security vulnerability; this vulnerability stems from the lack of input cleaning in the...

8.8CVSS6.1AI score0.00522EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.7 views

PT-2026-26096

Summary The @aborruso/ckan-mcp-server MCP server provides tools including ckan package search and sparql query that accept a base url parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal...

5.3CVSS5.9AI score0.00289EPSS
Exploits1References7
Snyk
Snyk
added 2026/03/17 12:0 a.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to the AbstractFilterExpressionConverter's handling of operator characters, such as || and &&. This allows authenticated users to bypass metadata-based access controls by supplying arbitrary JSONPath queries to access...

8.6CVSS6AI score0.00521EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.17 views

PT-2026-25939

Name of the Vulnerable Software and Affected Versions Spring AI versions prior to 1.0.4 and 1.1.3 Description A JSONPath injection issue exists in Spring AI’s AbstractFilterExpressionConverter. Authenticated users can bypass metadata-based access controls by using crafted filter expressions...

8.6CVSS5.8AI score0.00521EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.8 views

PT-2026-25864

Name of the Vulnerable Software and Affected Versions Admidio versions 5.0.0 through 5.0.6 Description Admidio, an open-source user management solution, contains a flaw in the SSO Metadata API. The modules/sso/fetch metadata.php endpoint accepts an arbitrary URL via the $ GET'url' parameter. This...

6.8CVSS5.9AI score0.00428EPSS
Exploits1References10
OSV
OSV
added 2026/03/12 2:23 p.m.2 views

GHSA-56CV-C5P2-J2WG SiYuan has a Full-Read SSRF via /api/network/forwardProxy

Summary The /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to...

8.3CVSS6AI score0.00278EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/12 2:23 p.m.9 views

SiYuan has a Full-Read SSRF via /api/network/forwardProxy

Summary The /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to...

8.3CVSS5.9AI score0.00278EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:24 a.m.14 views

Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Description: Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges RFC 1918, localhost, or cloud metadata endpoints. This enables...

8.8CVSS5.8AI score0.023EPSS
Exploits1References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24836

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.0 Description SiYuan is a personal knowledge management system. The /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a...

9.9CVSS7.2AI score0.22162EPSS
Exploits69References137
CVE
CVE
added 2026/03/06 9:5 p.m.16 views

CVE-2026-30233

Technical details for CVE-2026-30233 are not publicly available in the provided connected documents. Monitor for updates.

6.5CVSS5.8AI score0.00417EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/06 7:33 p.m.4 views

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/06 4:55 p.m.5 views

CVE-2025-45691

A flaw was found in Ragas. Improper validation of URLs supplied in the retrievedcontexts parameter when handling multimodal inputs leads to Server-Side Request Forgery SSRF. This vulnerability allows attackers to perform arbitrary file reads, conduct internal port scans and access cloud metadata...

7.5CVSS5.8AI score0.00534EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/03/06 4:13 a.m.3 views

CVE-2026-28508 Idno: Unauthenticated SSRF via URL Unfurl Endpoint

Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...

9.2CVSS5.8AI score0.00628EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/05 9:43 p.m.8 views

Plane has SSRF via Incomplete IP Validation in Webhook URL Serializer

Summary The webhook URL validation in plane/app/serializers/webhook.py only checks ip.isloopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses 10.x.x.x, 172.16.x.x, 192.168.x.x, 169.254.169.254, etc.. When webhook events fire, the...

8.5CVSS5.9AI score0.00284EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/01 1:24 a.m.9 views

Indico has a missing access check in the event series management API

Impact The API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this is limited to: - Getting the metadata title, category chain, start/end date for events in an existing series - Deleting an existing eve...

6.5CVSS6AI score0.00264EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/27 9:1 p.m.6 views

CVE-2026-28352 Indico missing access check in event series management API

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this ...

6.5CVSS5.9AI score0.00264EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 9:30 a.m.10 views

EUVD-2025-208131

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...

5CVSS5.9AI score0.00348EPSS
Exploits0References8
Rows per page
Query Builder