9 matches found
CVE-2026-40980
In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
CVE-2026-40967
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
PT-2024-30508 · Cozythemes · Hello Agency
Name of the Vulnerable Software and Affected Versions: CozyThemes Hello Agency versions 1.0.0 through 1.0.5 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions 1.0.0 throug...
PT-2024-34263 · Unknown · Acnoo Flutter Api
Name of the Vulnerable Software and Affected Versions: Acnoo Flutter API versions 1.0.0 through 1.0.5 Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing unauthorized access. This is a problem where the authentication process can be bypassed,...
CVE-2024-9575 Local File Inclusion in pretix-widget WordPress plugin
Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.0.5...
UBUNTU-CVE-2024-22258
Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...
Spring Authorization Server Security Vulnerability
VMware Spring Authorization Server is a framework for building secure OAuth 2.0 and OpenID Connect 1.0 authorization servers from VMware. A security vulnerability exists in Spring Authorization Server that stems from the vulnerability of an application to a PKCE downgrade attack when the PKCE...
PT-2024-21221 · Sitepact · Sitepact
Name of the Vulnerable Software and Affected Versions: Sitepact versions 1.0.0 through 1.0.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation. Recommendations: For...
GHSA-H6XG-RG33-9MF4 deep-defaults vulnerable to prototype pollution
Overview Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. Details The NPM module deep-defaults can be abused by Prototype Pollution vulnerability since the function deepDefaults do...