4 matches found
CVE-2026-22743 Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...
PT-2024-39041 · Unknown · Wifiburada
Name of the Vulnerable Software and Affected Versions: WiFiBurada versions prior to 1.0.5 Description: The issue is related to an authentication bypass by assumed-immutable data, allowing the manipulation of user-controlled variables. This can potentially be exploited to gain unauthorized access...
PT-2024-27812 · Ckeditor · Ckeditor Open Link Plugin
Name of the Vulnerable Software and Affected Versions: CKEditor Open Link plugin versions prior to 1.0.5 Description: The issue allows execution of JavaScript code by abusing the link href attribute. It affects users of the Open Link plugin. Recommendations: For versions prior to 1.0.5, update to...
PT-2023-16622 · Answerdev · Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.5 Description: The issue is related to Cross-site Scripting XSS - Stored, which affects the GitHub repository answerdev/answer. Cross-site Scripting XSS is a type of security vulnerability that occurs wh...