86 matches found
org.jetos.app:jet-privacy (>=0.0.1 <=0.0.2), org.springframework.ai:spring-ai-milvus-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6) +3 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-milvus-store (>=1.0.0-M5 <=1.0.5)
org.springframework.ai:spring-ai-milvus-store MAVEN version =1.0.0-M5, =0.0.1, =1.0.0-M5, =1.0.0, =1.3.0, =1.3.8 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321391...
org.springframework.ai:spring-ai-starter-vector-store-milvus (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-milvus-store (>=1.1.0-M1 <=1.1.4)
org.springframework.ai:spring-ai-milvus-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321391...
GHSA-PQ2Q-RCW4-3HR6 vulnerabilities
Vulnerabilities for packages: milvus, k3s, rke2-runtime-fips...
CVE-2026-27889 vulnerabilities
Vulnerabilities for packages: milvus, k3s, rke2-runtime-fips...
Improper Authentication
Milvus is vulnerable to Improper Authentication. The vulnerability is due to improper validation of the sourceID header in the Milvus Proxy component, which allows an attacker to bypass authentication and gain full administrative access to the Milvus cluster...
SUSE CVE-2026-26190
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
BIT-MILVUS-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...
BIT-MILVUS-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
GO-2026-4481 Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise in github.com/milvus-io/milvus
Milvus: Unauthenticated Access to Restful API on Metrics Port 9091 Leads to Critical System Compromise in github.com/milvus-io/milvus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
CVE-2026-26190
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
CVE-2026-26190
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
CVE-2026-26190
Milvus prior to versions 2.5.27 and 2.6.10 exposes TCP 9091 by default, enabling authentication bypasses. The /expr debug endpoint uses a weak default token (etcd.rootPath, default: by-dev) allowing arbitrary expression evaluation. The REST API (/api/v1/*) is registered on the metrics/management ...
CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
milvus 访问控制错误漏洞
Milvus is a high-performance cloud-native vector database open source project by The Milvus Project. Versions of Milvus prior to 2.5.27 and 2.6.10 contained an access control vulnerability. This vulnerability stemmed from an authentication bypass in the default exposed TCP port 9091, which could...
PT-2026-8025
Name of the Vulnerable Software and Affected Versions Milvus versions prior to 2.5.27 Milvus versions prior to 2.6.10 Description Milvus, an open-source vector database for generative AI applications, is affected by an issue that allows authentication bypasses. The software exposes TCP port 9091 ...
Malicious code in milvus-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51a90c757a7d1ca3d7c7a43b2ace0810059fb75ec0a78742889eb69928300d04 The package milvus-js was found to contain malicious code. Source: ghsa-malware cad32ba8c32f231e0bef97a0205ecd76770e320336fb50b85f57b0454747f6fd Any...
Malicious Package
Overview milvus-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
EUVD-2026-1978
Malicious code in milvus-js npm...