Lucene search
K

62 matches found

EUVD
EUVD
added 2026/06/29 12:31 a.m.9 views

EUVD-2026-40004

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS5.5AI score0.00138EPSS
Exploits0References8
NVD
NVD
added 2026/06/28 10:16 p.m.9 views

CVE-2026-13507

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS0.00138EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/28 9:30 p.m.9 views

CVE-2026-13507

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS5.5AI score0.00138EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/06/28 9:30 p.m.36 views

CVE-2026-13507 volcengine OpenViking Local VectorDB Primary-key Label str_to_uint64.py str_to_uint64 data authenticity

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS0.00138EPSS
Exploits0References7
CVE
CVE
added 2026/06/28 9:30 p.m.15 views

CVE-2026-13507

Summary (CVE-2026-13507) Volcengine OpenViking up to 0.3.21 is affected in the Local VectorDB Primary-key Label Handler, specifically the str_to_uint64 function in openviking/storage/vectordb/utils/str_to_uint64.py. The issue arises from manipulating the argument ID, causing insufficient verifica...

5CVSS5.5AI score0.00138EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53163

Name of the Vulnerable Software and Affected Versions volcengine OpenViking versions prior to 0.3.22 Description Insufficient verification of data authenticity exists within the Local VectorDB Primary-key Label Handler component. The issue occurs in the str to uint64 function located in the...

5CVSS6AI score0.00138EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.7 views

CVE-2026-40525

OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS5.8AI score0.00571EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/17 9:31 p.m.2 views

Not Failing Securely ('Failing Open')

Overview openviking is an An Agent-native context database Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' via the VikingBot OpenAPI HTTP route when the apikey configuration value is unset or empty. An attacker can invoke privileged bot-control functionalit...

9.1CVSS5.5AI score0.00571EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/17 9:31 p.m.4 views

EUVD-2026-23464

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS5.8AI score0.00571EPSS
Exploits1References4
OSV
OSV
added 2026/04/17 9:31 p.m.5 views

GHSA-JGQ2-VQ69-GR6H OpenViking: Unauthenticated remote bot control via OpenAPI HTTP routes

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS5.8AI score0.00571EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/04/17 9:31 p.m.10 views

OpenViking: Unauthenticated remote bot control via OpenAPI HTTP routes

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS5.4AI score0.00571EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/04/17 7:16 p.m.6 views

CVE-2026-40525

OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS0.00571EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/17 6:19 p.m.33 views

CVE-2026-40525 OpenViking < 0.3.9 Authentication Bypass via VikingBot OpenAPI

OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS0.00571EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/17 6:19 p.m.4 views

CVE-2026-40525

OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS5.8AI score0.00571EPSS
Exploits1References5
CVE
CVE
added 2026/04/17 6:19 p.m.29 views

CVE-2026-40525

OpenViking prior to commit c7bb167 contains an authentication bypass in the VikingBot OpenAPI HTTP route surface. If api_key is unset or empty, authentication checks fail and remote attackers with network access can invoke privileged bot-control functionality without a valid X-API-Key header, inc...

9.1CVSS5.8AI score0.00571EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

OpenViking 安全漏洞

OpenViking is an open-source artificial intelligence agent-based context database developed by Volcengine. Previous versions of OpenViking had security vulnerabilities. These vulnerabilities stemmed from a flaw in the HTTP routing mechanism of the VikingBot OpenAPI, which allowed authentication...

9.1CVSS5.8AI score0.00571EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/08 7:57 p.m.4 views

CVE-2026-22680

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

6.9CVSS5.9AI score0.00384EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/07 6:31 p.m.4 views

EUVD-2026-19744

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

6.9CVSS5.9AI score0.00384EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/07 6:31 p.m.20 views

OpenViking contains a missing authorization vulnerability in the task polling endpoints

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

6.9CVSS5.9AI score0.00384EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2026/04/07 6:31 p.m.4 views

Missing Authorization

Overview openviking is an An Agent-native context database Affected versions of this package are vulnerable to Missing Authorization via the task polling. An attacker can access sensitive metadata belonging to other users by sending unauthenticated requests to the /api/v1/tasks and...

6.9CVSS5.8AI score0.00384EPSS
Exploits1References2
Rows per page
Query Builder