Lucene search
+L

86 matches found

vulnersOsv
vulnersOsv
added 2026/04/27 12:0 a.m.10 views

org.jetos.app:jet-privacy (>=0.0.1 <=0.0.2), org.springframework.ai:spring-ai-milvus-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6) +3 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-milvus-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-milvus-store MAVEN version =1.0.0-M5, =0.0.1, =1.0.0-M5, =1.0.0, =1.3.0, =1.3.8 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321391...

8.6CVSS5.8AI score0.00394EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/27 12:0 a.m.18 views

org.springframework.ai:spring-ai-starter-vector-store-milvus (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-milvus-store (>=1.1.0-M1 <=1.1.4)

org.springframework.ai:spring-ai-milvus-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321391...

8.6CVSS5.8AI score0.00394EPSS
Exploits0
Chainguard
Chainguard
added 2026/03/26 7:17 p.m.6 views

GHSA-PQ2Q-RCW4-3HR6 vulnerabilities

Vulnerabilities for packages: milvus, k3s, rke2-runtime-fips...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/03/26 7:17 p.m.6 views

CVE-2026-27889 vulnerabilities

Vulnerabilities for packages: milvus, k3s, rke2-runtime-fips...

7.5CVSS6AI score0.00582EPSS
Exploits0
Veracode
Veracode
added 2026/03/16 5:56 p.m.7 views

Improper Authentication

Milvus is vulnerable to Improper Authentication. The vulnerability is due to improper validation of the sourceID header in the Milvus Proxy component, which allows an attacker to bypass authentication and gain full administrative access to the Milvus cluster...

9.3CVSS5.8AI score0.0107EPSS
Exploits0References6Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/04 12:26 a.m.5 views

SUSE CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.8AI score0.34346EPSS
Exploits1References3
OSV
OSV
added 2026/02/20 8:43 a.m.20 views

BIT-MILVUS-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability

Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...

9.3CVSS5.7AI score0.0107EPSS
Exploits0References5
OSV
OSV
added 2026/02/19 8:47 a.m.5 views

BIT-MILVUS-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.8AI score0.34346EPSS
Exploits1References5
OSV
OSV
added 2026/02/17 6:9 p.m.11 views

GO-2026-4481 Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise in github.com/milvus-io/milvus

Milvus: Unauthenticated Access to Restful API on Metrics Port 9091 Leads to Critical System Compromise in github.com/milvus-io/milvus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

9.8CVSS5.6AI score0.34346EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/14 7:22 p.m.5 views

CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.7AI score0.34346EPSS
Exploits1References1
NVD
NVD
added 2026/02/13 7:17 p.m.9 views

CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS0.34346EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/13 6:44 p.m.120 views

CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS0.34346EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/13 6:44 p.m.5 views

CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.7AI score0.34346EPSS
Exploits1References4
CVE
CVE
added 2026/02/13 6:44 p.m.28 views

CVE-2026-26190

Milvus prior to versions 2.5.27 and 2.6.10 exposes TCP 9091 by default, enabling authentication bypasses. The /expr debug endpoint uses a weak default token (etcd.rootPath, default: by-dev) allowing arbitrary expression evaluation. The REST API (/api/v1/*) is registered on the metrics/management ...

9.8CVSS5.7AI score0.34346EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/13 6:44 p.m.6 views

CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.8AI score0.34346EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.8 views

milvus 访问控制错误漏洞

Milvus is a high-performance cloud-native vector database open source project by The Milvus Project. Versions of Milvus prior to 2.5.27 and 2.6.10 contained an access control vulnerability. This vulnerability stemmed from an authentication bypass in the default exposed TCP port 9091, which could...

9.8CVSS6AI score0.34346EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.17 views

PT-2026-8025

Name of the Vulnerable Software and Affected Versions Milvus versions prior to 2.5.27 Milvus versions prior to 2.6.10 Description Milvus, an open-source vector database for generative AI applications, is affected by an issue that allows authentication bypasses. The software exposes TCP port 9091 ...

9.9CVSS5.6AI score0.34346EPSS
Exploits45References126
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/12 1:59 a.m.7 views

Malicious code in milvus-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51a90c757a7d1ca3d7c7a43b2ace0810059fb75ec0a78742889eb69928300d04 The package milvus-js was found to contain malicious code. Source: ghsa-malware cad32ba8c32f231e0bef97a0205ecd76770e320336fb50b85f57b0454747f6fd Any...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2026/01/12 1:59 a.m.2 views

Malicious Package

Overview milvus-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2026/01/12 1:59 a.m.3 views

EUVD-2026-1978

Malicious code in milvus-js npm...

6.6AI score
Exploits0References1
Rows per page
Query Builder