Lucene search
+L

9 matches found

Cvelist
Cvelist
added 2026/04/28 7:31 a.m.29 views

CVE-2026-40980

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.5CVSS0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:3 a.m.5 views

CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

8.6CVSS5.2AI score0.00394EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.9 views

PT-2024-30508 · Cozythemes · Hello Agency

Name of the Vulnerable Software and Affected Versions: CozyThemes Hello Agency versions 1.0.0 through 1.0.5 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions 1.0.0 throug...

9.8CVSS6.5AI score0.00465EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/28 12:0 a.m.10 views

PT-2024-34263 · Unknown · Acnoo Flutter Api

Name of the Vulnerable Software and Affected Versions: Acnoo Flutter API versions 1.0.0 through 1.0.5 Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing unauthorized access. This is a problem where the authentication process can be bypassed,...

9.8CVSS6.7AI score0.00525EPSS
Exploits0References6
OSV
OSV
added 2024/10/09 9:40 a.m.2 views

CVE-2024-9575 Local File Inclusion in pretix-widget WordPress plugin

Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.0.5...

8.5CVSS5.9AI score0.00522EPSS
Exploits0References6
OSV
OSV
added 2024/03/20 4:15 a.m.4 views

UBUNTU-CVE-2024-22258

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...

6.1CVSS5.8AI score0.00522EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.6 views

Spring Authorization Server Security Vulnerability

VMware Spring Authorization Server is a framework for building secure OAuth 2.0 and OpenID Connect 1.0 authorization servers from VMware. A security vulnerability exists in Spring Authorization Server that stems from the vulnerability of an application to a PKCE downgrade attack when the PKCE...

6.1CVSS6.9AI score0.00522EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/23 12:0 a.m.6 views

PT-2024-21221 · Sitepact · Sitepact

Name of the Vulnerable Software and Affected Versions: Sitepact versions 1.0.0 through 1.0.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation. Recommendations: For...

9.8CVSS9.7AI score0.00377EPSS
Exploits0References8
OSV
OSV
added 2022/05/24 7:3 p.m.47 views

GHSA-H6XG-RG33-9MF4 deep-defaults vulnerable to prototype pollution

Overview Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. Details The NPM module deep-defaults can be abused by Prototype Pollution vulnerability since the function deepDefaults do...

9.8CVSS6AI score0.02961EPSS
Exploits1References4
Rows per page
Query Builder