
115 matches found

CNNVD
added 2026/01/10 12:0 a.m. | 3 views

WeKnora command injection vulnerability

WeKnora is an LLM-based framework open-sourced by Tencent, with features such as deep document understanding, semantic retrieval and context-aware answers using the RAG paradigm. A command injection vulnerability exists in WeKnora versions prior to 0.2.5; the vulnerability stems from insufficient...

9.9 CVSS | 7.3 AI score | 0.00454 EPSS
Exploits 1 | References 2
OSV
added 2026/01/09 7:21 p.m. | 2 views

GHSA-78H3-63C4-5FQC WeKnora has Command Injection in MCP stdio test

Vulnerability Description. Vulnerability Overview: This issue is a command injection vulnerability (CWE-78) that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. The root causes are as...

9.9 CVSS | 7.6 AI score | 0.00454 EPSS
Exploits 1 | References 5
EUVD
added 2026/01/09 7:21 p.m. | 0 views

EUVD-2026-1695

WeKnora has Command Injection in MCP stdio test...

6.5 AI score
Exploits 0 | References 3
EUVD
added 2026/01/09 7:19 p.m. | 1 views

EUVD-2026-1696

WeKnora vulnerable to SQL Injection...

7.5 AI score
Exploits 0 | References 3
Positive Technologies
added 2026/01/09 12:0 a.m. | 1 views

PT-2026-2242

Name of the Vulnerable Software and Affected Versions: WeKnora versions prior to 0.2.5. Description: WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, a command injection vulnerability exists that allows authenticated users t...

9.9 CVSS | 6.6 AI score | 0.00454 EPSS
Exploits 1 | References 21
Positive Technologies
added 2026/01/09 12:0 a.m. | 2 views

PT-2026-2241

Name of the Vulnerable Software and Affected Versions: WeKnora versions prior to 0.2.5. Description: WeKnora is a framework designed for document understanding and semantic retrieval. Prior to version 0.2.5, when the Agent service is enabled, insufficient backend validation allows attackers to bypas...

9.8 CVSS | 5.4 AI score | 0.00037 EPSS
Exploits 1 | References 14
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-31386

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00104 EPSS
Exploits 1 | References 5
RedhatCVE
added 2025/09/27 9:32 p.m. | 8 views

CVE-2025-11046

A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...

7.5 CVSS | 6.7 AI score | 0.00104 EPSS
Exploits 1 | References 1
NVD
added 2025/09/26 9:15 p.m. | 1 views

CVE-2025-11046

A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...

9.8 CVSS | 0.00104 EPSS
Exploits 1 | References 4
OSV
added 2025/09/26 9:15 p.m. | 2 views

CVE-2025-11046

A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...

9.8 CVSS | 5.3 AI score
Exploits 0 | References 4
Cvelist
added 2025/09/26 9:2 p.m. | 8 views

CVE-2025-11046 Tencent WeKnora test testEmbeddingModel server-side request forgery

A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...

7.5 CVSS | 0.00104 EPSS
Exploits 1 | References 4
Vulnrichment
added 2025/09/26 9:2 p.m. | 2 views

CVE-2025-11046 Tencent WeKnora test testEmbeddingModel server-side request forgery

A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...

7.5 CVSS | 6.5 AI score | 0.00104 EPSS
Exploits 1 | References 4
CVE
added 2025/09/26 9:2 p.m. | 33 views

CVE-2025-11046

CVE-2025-11046 affects Tencent WeKnora 0.1.0. The vulnerability resides in the testEmbeddingModel function under /api/v1/initialization/embedding/test, where manipulating the baseUrl argument can trigger server-side request forgery (SSRF) and may be exploited remotely. The exploit has been releas...

9.8 CVSS | 6.5 AI score | 0.00104 EPSS
Exploits 1 | References 4 | Affected Software 1
Positive Technologies
added 2025/09/26 12:0 a.m. | 1 views

PT-2025-39691

Name of the Vulnerable Software and Affected Versions: Tencent WeKnora version 0.1.0. Description: A security flaw exists in Tencent WeKnora version 0.1.0. The testEmbeddingModel function within the /api/v1/initialization/embedding/test file is susceptible to server-side request forgery. Manipulatio...

7.5 CVSS | 7.4 AI score | 0.00104 EPSS
Exploits 1 | References 8
CNNVD
added 2025/09/26 12:0 a.m. | 0 views

WeKnora code issue vulnerability

WeKnora is an LLM-based framework open-sourced by Tencent, with features such as deep document understanding, semantic retrieval and context-aware answers using the RAG paradigm. A code issue vulnerability exists in WeKnora version 0.1.0, which stems from incorrect manipulation of the parameter...

9.8 CVSS | 7.5 AI score | 0.00104 EPSS
Exploits 1 | References 5