Lucene search
K

110 matches found

Github Security Blog
Github Security Blog
added 2026/02/05 9:22 p.m.17 views

qdrant has arbitrary file write via `/logger` endpoint

Summary It is possible to append to arbitrary files via /logger endpoint. Minimal privileges are required read-only access. Tested on Qdrant 1.15.5 Details POST /logger Source code link endpoint accepts an attacker-controlled ondisk.logfile path. There are no authorization checks but authenticati...

8.8CVSS6.2AI score0.0049EPSS
Exploits1References5Affected Software1
Chainguard
Chainguard
added 2026/02/05 7:17 a.m.6 views

CVE-2026-25537 vulnerabilities

Vulnerabilities for packages: lychee, uv, wasmcloud, lakekeeper, komodo, py3-xet-core, zed, qdrant...

7.5CVSS5.9AI score0.00443EPSS
Exploits1
Chainguard
Chainguard
added 2026/02/05 7:17 a.m.3 views

GHSA-H395-GR6Q-CPJC vulnerabilities

Vulnerabilities for packages: lychee, uv, wasmcloud, lakekeeper, komodo, py3-xet-core, zed, qdrant...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/02/05 1:48 a.m.2 views

GHSA-H395-GR6Q-CPJC vulnerabilities

Vulnerabilities for packages: wasmcloud, uv, qdrant, zed, lychee, py3-xet-core...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/02/05 1:48 a.m.5 views

CVE-2026-25537 vulnerabilities

Vulnerabilities for packages: wasmcloud, uv, qdrant, zed, lychee, py3-xet-core...

7.5CVSS5.9AI score0.00443EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.7 views

PT-2026-6654

Name of the Vulnerable Software and Affected Versions Qdrant versions 1.9.3 through 1.15.5 Description Qdrant, a vector similarity search engine and vector database, contains a flaw where an attacker can append to arbitrary files via the /logger endpoint. This is possible due to an...

8.5CVSS6.2AI score0.0049EPSS
Exploits1References13
RedhatCVE
RedhatCVE
added 2026/01/28 3:16 a.m.13 views

CVE-2026-24477

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS5.9AI score0.01566EPSS
Exploits1References1
NVD
NVD
added 2026/01/27 12:15 a.m.8 views

CVE-2026-24477

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS0.01566EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/26 11:22 p.m.5 views

CVE-2026-24477

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS5.9AI score0.01566EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/26 11:22 p.m.5 views

CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js`

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS5.9AI score0.01566EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/26 11:22 p.m.35 views

CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js`

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS0.01566EPSS
Exploits1References1
OSV
OSV
added 2026/01/26 11:22 p.m.7 views

CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js`

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS5.9AI score0.01566EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/26 11:22 p.m.7 views

EUVD-2026-4732

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS5.9AI score0.01566EPSS
Exploits1References1
CVE
CVE
added 2026/01/26 11:22 p.m.43 views

CVE-2026-24477

CVE-2026-24477 affects AnythingLLM (prior to 1.10.0) when configured with Qdrant as the vector database. The root cause is exposure of the QdrantApiKey in plain text through the /api/setup-complete endpoint, enabling an unauthenticated attacker to gain full read/write access to the Qdrant vector ...

8.7CVSS5.9AI score0.01566EPSS
In wildExploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.10 views

PT-2026-4834

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS5.9AI score0.01566EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/21 4:49 a.m.2 views

Malicious Package

Overview qdrant-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.5AI score
Exploits0References2
EUVD
EUVD
added 2026/01/21 4:49 a.m.4 views

EUVD-2026-3719

Malicious code in qdrant-js npm...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/21 4:49 a.m.10 views

Malicious code in qdrant-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ad84f3d1657583a0a6fa9d58b06258298369ea5e4ee10ac0516c3f641b33871 The package qdrant-js was found to contain malicious code. Source: ghsa-malware 789e158c461e8c11f86da5b04f09dab1797536199084bf548efc2f3ee13b33f1 Any...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/01/21 4:49 a.m.5 views

MAL-2026-426 Malicious code in qdrant-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ad84f3d1657583a0a6fa9d58b06258298369ea5e4ee10ac0516c3f641b33871 The package qdrant-js was found to contain malicious code. Source: ghsa-malware 789e158c461e8c11f86da5b04f09dab1797536199084bf548efc2f3ee13b33f1 Any...

5.5AI score
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-42734

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00809EPSS
Exploits1References2
Rows per page
Query Builder