Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6504 matches found

NVD
NVDadded 2026/04/28 9:16 a.m.2 views

CVE-2026-40978

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

8.8CVSS0.00024EPSS
Exploits0References1
NVD
NVDadded 2026/04/28 9:16 a.m.0 views

CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS0.00018EPSS
Exploits0References1
GithubExploit
GithubExploitadded 2026/04/28 9:7 a.m.75 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell Security Lab — nginx + Coraza WAF Mục đích giáo...

10CVSS8AI score0.94358EPSS
Exploits341
OSV
OSVadded 2026/04/28 8:37 a.m.0 views

BIT-ACTIVEMQ-2026-41044 Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.6AI score0.00073EPSS
Exploits0References3
NVD
NVDadded 2026/04/28 8:16 a.m.0 views

CVE-2026-40966

In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input a...

5.9CVSS0.00053EPSS
Exploits0References2
CVE
CVEadded 2026/04/28 7:31 a.m.4 views

CVE-2026-40980

In Spring AI, a memory exhaustion vulnerability exists in the ForkPDFLayoutTextStripper when processing a malicious PDF. Affected versions are Spring AI 1.0.0–1.0.5 (fixed in 1.0.6) and 1.1.0–1.1.4 (fixed in 1.1.5). The CVSS data indicates availability impact is High, with network attack and low ...

6.5CVSS5.2AI score0.00068EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/28 7:31 a.m.1 views

CVE-2026-40980

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.5CVSS5.2AI score0.00068EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/28 7:31 a.m.23 views

CVE-2026-40980

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.5CVSS0.00068EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/28 7:31 a.m.2 views

CVE-2026-40980

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.5CVSS5.2AI score0.00068EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/28 7:31 a.m.1 views

CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.2AI score0.00018EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/28 7:31 a.m.26 views

CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS0.00018EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/28 7:31 a.m.1 views

CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.2AI score0.00018EPSS
Exploits0References1
CVE
CVEadded 2026/04/28 7:31 a.m.2 views

CVE-2026-40979

Technical details (affected products, versions, impact, fixes) are not publicly available in the provided documents. Monitor for updates.

6.1CVSS5.2AI score0.00018EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2026/04/28 7:31 a.m.1 views

EUVD-2026-26012

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.2AI score0.00018EPSS
Exploits0References1
CVE
CVEadded 2026/04/28 7:18 a.m.4 views

CVE-2026-40978

Summary: CVE-2026-40978 is a SQL injection vulnerability in Spring AI’s CosmosDBVectorStore. Affected versions: Spring AI 1.0.0–1.0.5 (fixed in 1.0.6) and 1.1.0–1.1.4 (fixed in 1.1.5). Issue: Attackers can trigger arbitrary SQL queries via crafted document IDs, enabling high-severity impact as pe...

8.8CVSS6.1AI score0.00024EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/28 7:18 a.m.1 views

CVE-2026-40978

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

8.8CVSS6AI score0.00024EPSS
Exploits0References1
NVD
NVDadded 2026/04/28 7:16 a.m.0 views

CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

8.6CVSS0.00031EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/28 6:42 a.m.2 views

CVE-2026-40966 VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration

In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input a...

5.9CVSS5.2AI score0.00053EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/28 6:42 a.m.0 views

CVE-2026-40966

In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input a...

5.9CVSS5.2AI score0.00053EPSS
Exploits0References3Affected Software1
EUVD
EUVDadded 2026/04/28 6:3 a.m.0 views

EUVD-2026-25994

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

8.6CVSS5.2AI score0.00031EPSS
Exploits0References1
Rows per page
Query Builder