Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...
PT-2026-28325
Name of the Vulnerable Software and Affected Versions: Spring AI versions 1.0.0 through 1.0.4; Spring AI versions 1.1.0 through 1.1.3. Description: Spring AI's spring-ai-bedrock-converse component has a Server-Side Request Forgery (SSRF) issue within the BedrockProxyChatModel. This occurs when handling...
Security Bulletin: Astronomer with IBM is vulnerable to event thread locking due to the starlette package (CVE-2025-54121)
Summary: Starlette is used by Astronomer with IBM as part of the request processing functionality. Vulnerability Details: CVEID: CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In...
Security Bulletin: Astronomer with IBM is vulnerable to authorization bypass due to the Kubernetes NodeRestriction functionality (CVE-2025-4563)
Summary: Kubernetes is used by Astronomer with IBM as part of overall processing and deployment. Vulnerability Details: CVEID: CVE-2025-4563 DESCRIPTION: A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When t...
Security Bulletin: Astronomer with IBM is vulnerable to uncontrolled redirects due to the urllib3 package (CVE-2025-50181, CVE-2025-50182)
Summary: urllib3 is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details: CVEID: CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a...
Security Bulletin: Astronomer with IBM is vulnerable to unrestricted filesystem writes due to the tar-fs package (CVE-2025-48387)
Summary: tar-fs is used by Astronomer with IBM as part of tar file processing. Vulnerability Details: CVEID: CVE-2025-48387 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir...
CVE-2023-34054
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in...
Security Bulletin: Vulnerabilities in Java affect IBM Voice Gateway
Summary: Security vulnerabilities in Java affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiality impact,...
SUSE CVE-2008-1218
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skippasswordcheck field t...
Ember.js Cross-site Scripting vulnerability
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value a...
CVE-2022-25990
On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2019-12186
An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x through 1.1.18, 1.2.x through 1.2.17, 1.3.x through...
Wireshark Multiple Vulnerabilities-01 March 11 (Mac OS X)
The host is installed with Wireshark and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbwiresharkmultvuln01mar11macosx.nasl 5958 2017-04-17 09:02:19Z teissa $ Wireshark Multiple Vulnerabilities-01 March 11 (Mac OS X) Authors: Madhuri D Copyright: Copyright (c) 2012 Greenbone...
FreeBSD Ports: openttd
The remote host is missing an update to the system as announced in the referenced advisory. VID 373e412e-f748-11df-96cd-0015f2db7bde OpenVAS Vulnerability Test $ Description: Auto generated from VID 373e412e-f748-11df-96cd-0015f2db7bde Authors: Thomas Reinke Copyright: Copyright (c) 2010 E-Soft Inc...
Joomla Redtwitter Local File Inclusion
o Joomla Component redTWITTER Local File Inclusion Vulnerability Software: comredtwitter version 1.0.x Vendor: http://redcomponent.com/ Author: NoGe Contact:...
Joomla Component redTWITTER Local File Inclusion Vulnerability
Exploit for PHP platform in category web applications. Joomla Component redTWITTER Local File Inclusion Vulnerability...
VMware Serve Directory Traversal Vulnerability - Nov09 (Linux)
The host is installed with VMware products and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbvmwareservdirtravvulnnov09lin.nasl 6518 2017-07-04 13:49:06Z cfischer $ VMware Server Directory Traversal Vulnerability - Nov09 (Linux) Authors: Sharath S Copyright: Copyright (c) 2009...
Google Chrome Timeout XSS Vulnerability
Google Chrome is prone to an XSS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Wireshark 1.0.x - .ncf Packet Capture Local Denial of Service
Wireshark 1.0.x .ncf local denial of service. Author: Shinnok. Description: Wireshark 1.0.x crashes as a result of a failed assertion when dealing with a malformed Tamosoft CommView .ncf packet capture: Err file wtap.c: line 620 wtapread:...
PT-2006-4866 · ScatterChat
Name of the Vulnerable Software and Affected Versions: ScatterChat versions 1.0.x Description: The issue allows attackers to identify patterns in large numbers of messages by exploiting collisions using a birthday attack on the custom padding mechanism for ECB mode encryption. Recommendations: Fo...