Lucene search
K

57 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-43175

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store createcollection backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value declared as int but not enforced at runtime is...

9.8CVSS6.1AI score
Exploits0References3
CVE
CVE
added 2 days ago20 views

CVE-2026-55405

LangChain4j contains a SQL injection vulnerability in the embedding stores for MariaDB and pgvector. Prior to versions 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, metadata filter keys (and, for MariaDB, some string values) are concatenated directly into SQL in EmbeddingSearchRequ...

7.6CVSS6.2AI score0.00348EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/17 6:39 p.m.14 views

LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector

Summary The MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys and, in MariaDB, string values directly into the query without adequate escaping. A crafted metadata key in EmbeddingSearchRequest.filter can break out of its SQL context and inject...

7.6CVSS5.8AI score0.00348EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50596

Name of the Vulnerable Software and Affected Versions langchain4j-mariadb versions prior to 1.2.1-beta8 langchain4j-mariadb versions prior to 1.5.1-beta11 langchain4j-mariadb versions prior to 1.11.8-beta19 langchain4j-mariadb versions prior to 1.16.3-beta26 langchain4j-pgvector versions prior to...

7.6CVSS6.2AI score0.00348EPSS
Exploits0References10
vulnersOsv
vulnersOsv
added 2026/04/27 12:0 a.m.7 views

ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6), ai.telosforge:kimaira-starter-agentic-factory (>=1.2.4 <=1.2.6) +9 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-pgvector-store (>=1.1.0-M1 <=1.1.4)

org.springframework.ai:spring-ai-pgvector-store MAVEN version =1.1.0-M1, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.0.6, =4.0.5.20260423.1, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321394...

8.6CVSS5.7AI score0.00394EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/27 12:0 a.m.8 views

ai.intelliswarm:swarmai-core (>=1.0.0 <=1.0.28), ai.intelliswarm:swarmai-distributed (>=1.0.0 <=1.0.28) +12 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-pgvector-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-pgvector-store MAVEN version =1.0.0-M5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =4.2.3, =0.0.1, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321394...

8.6CVSS5.4AI score0.00394EPSS
Exploits0
Snyk
Snyk
added 2026/04/27 12:0 a.m.5 views

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-pgvector-store is a Spring AI PGVector Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying...

8.8CVSS5.8AI score0.00394EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 12:27 p.m.4 views

OPENSUSE-SU-2026:20489-1 Security update for pgvector

This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18...

8.1CVSS5.8AI score0.00263EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 12:14 p.m.3 views

SUSE-SU-2026:21153-1 Security update for pgvector

This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18...

8.1CVSS5.8AI score0.00263EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2026/03/30 12:0 a.m.6 views

SUSE: Security Advisory (SUSE-SU-2026:1068-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS5.9AI score0.00263EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2026/03/30 12:0 a.m.26 views

openSUSE Security Advisory (SUSE-SU-2026:1068-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS5.9AI score0.00263EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.2 views

SUSE SLES15 / openSUSE 15 Security Update : pgvector (SUSE-SU-2026:1068-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1068-1 advisory. This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNS...

8.1CVSS6AI score0.00263EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/03/26 10:39 a.m.3 views

Security update for pgvector

This update for pgvector fixes the following issue: Update to pgvector 0.8.2: CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18 Patch Instructions: To install this SUSE update use the SUSE recommended...

8.1CVSS5.8AI score0.00263EPSS
Exploits0References4
OSV
OSV
added 2026/03/26 10:39 a.m.3 views

SUSE-SU-2026:1068-1 Security update for pgvector

This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18...

8.1CVSS5.9AI score0.00263EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/25 12:0 a.m.3 views

pgvector-devel-0.8.2-1.1 on GA media (moderate)

pgvector-devel-0.8.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10409-1 Rating: moderate Cross-References: CVE-2026-3172 CVSS scores: CVE-2026-3172 SUSE : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now...

8.1CVSS5.8AI score0.00263EPSS
Exploits0
OSV
OSV
added 2026/03/23 12:0 a.m.6 views

OPENSUSE-SU-2026:10409-1 pgvector-devel-0.8.2-1.1 on GA media

These are all security issues fixed in the pgvector-devel-0.8.2-1.1 package on the GA media of openSUSE Tumbleweed...

8.1CVSS5.8AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/03/18 8:31 a.m.4 views

OPENSUSE-SU-2026:20131-1 Security update for postgresql17 and postgresql18

This update for postgresql17 and postgresql18 fixes the following issues: Changes in postgresql17, postgresql18: Update to 17.7: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/17.7/ bsc1253332, CVE-2025-12817: Missing check for CREATE privileges on the schem...

5.9CVSS6.1AI score0.00332EPSS
Exploits0References4
OSV
OSV
added 2026/03/18 8:31 a.m.2 views

SUSE-SU-2026:20194-1 Security update for postgresql17 and postgresql18

This update for postgresql17 and postgresql18 fixes the following issues: Changes in postgresql17, postgresql18: Update to 17.7: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/17.7/ bsc1253332, CVE-2025-12817: Missing check for CREATE privileges on the schem...

5.9CVSS6.6AI score0.00332EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.5 views

Oracle Linux 9 : postgresql:16 (ELSA-2026-4110)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4110 advisory. pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3635 pgrepack 1.5.1-1 - Update to v1.5.1...

8.8CVSS5.9AI score0.01208EPSS
Exploits3References5
Oracle linux
Oracle linux
added 2026/03/09 12:0 a.m.10 views

postgresql:16 security update

pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3635 pgrepack 1.5.1-1 - Update to v1.5.1 1.4.8-2 - Add new build dependencies to fix build with lz4 enabled - Related: RHEL-47604 1.4.8-1 - Resolves: RHEL-3636 - Initial import for PG 16...

8.8CVSS5.8AI score0.01208EPSS
Exploits3
Rows per page
Query Builder