3 matches found
CVE-2026-41705
Spring AI's MilvusVectorStoredoDeleteList implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...
PT-2022-26043 · Unknown · Deep-Object-Diff
Name of the Vulnerable Software and Affected Versions: deep-object-diff versions 1.1.0 through 1.1.5 Description: The issue allows an external attacker to edit or add new properties to an object because the application does not properly validate incoming JSON keys, thus allowing the proto propert...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to...