Lucene search
+L

75 matches found

cvelist
cvelist
added 2026/06/28 9:45 p.m.33 views

CVE-2026-13508 khoj-ai khoj Conversation Sharing api_chat.py authorization

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

6.5CVSS0.00165EPSS
Exploits0References7
vulnersosv
vulnersosv
added 2026/05/15 4:55 p.m.7 views

calibrate-agent (>=0.0.1 <=0.0.43), nvidia-pipecat (=0.4.0) +2 more potentially affected by CVE-2026-44716 via pipecat-ai (>=0.0.90 <=0.0.98)

pipecat-ai PYPI version =0.0.90, =0.0.1, =1.6.1.dev8325111910350515310, =1.7.1.dev260424103102100484 Source cves: CVE-2026-44716 Source advisory: SNYK:PYTHON-PIPECATAI-16700145...

7.5CVSS7.2AI score0.00423EPSS
Exploits1
osv
osv
added 2026/04/28 9:34 a.m.13 views

GHSA-26GG-9GV2-V27J Spring AI Vulnerable to OOM by attacker-controlled PDF

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References3
hackread
hackread
added 2026/04/07 3:55 p.m.14 views

GrafanaGhost Vulnerability Allows Data Theft via AI Injection

GrafanaGhost is a critical vulnerability in Grafana’s AI components that uses indirect prompt injection and protocol-relative URL bypasses to exfiltrate data...

5.9AI score
Exploits0
attackerkb
attackerkb
added 2026/04/03 8:27 p.m.3 views

CVE-2026-22664

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

7.7CVSS5.9AI score0.00301EPSS
Exploits1References4
redhatcve
redhatcve
added 2026/04/03 5:8 a.m.5 views

CVE-2026-5321

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/02 4:45 a.m.2 views

CVE-2026-5321

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2026/04/02 12:0 a.m.9 views

PT-2026-29679

Name of the Vulnerable Software and Affected Versions vanna-ai vanna versions up to 2.0.2 Description A security issue exists in vanna-ai vanna, specifically within the Chat API Endpoint component. A manipulation of the /api/vanna/v2/ file results in missing authentication. This can be exploited...

7.5CVSS7.1AI score0.00414EPSS
Exploits0References8
thn
thn
added 2026/03/31 1:9 p.m.5 views

Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts

Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence AI agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environment. According to...

6.2AI score
Exploits0
cve
cve
added 2026/03/27 5:41 p.m.17 views

CVE-2026-4965

CVE-2026-4965 affects letta-ai letta 0.16.4. The vulnerability resides in letta/functions/ast_parsers.py, in the resolve_type function, where improper neutralization of directives in dynamically evaluated code enables remote arbitrary-code execution. The issue is linked to an incomplete fix for C...

9.8CVSS6.1AI score0.00604EPSS
Exploits1References4Affected Software1
redhatcve
redhatcve
added 2026/03/26 3:15 p.m.10 views

CVE-2026-4513

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:15 p.m.5 views

CVE-2026-4511

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

6.5CVSS6.2AI score0.00232EPSS
Exploits0References1
thn
thn
added 2026/03/26 11:45 a.m.8 views

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching. There’s a little bit of everything in this one, too. Weird delivery...

6.2AI score
Exploits0
ptsecurity
ptsecurity
added 2026/03/25 12:0 a.m.4 views

PT-2026-28098

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.29.0 Description Gotenberg, an API for converting document formats, contains a flaw related to URL scheme handling. A previously implemented fix for CVE-2024-21527 could be bypassed by utilizing mixed-case or...

8.8CVSS6AI score0.00538EPSS
Exploits1References51
nvd
nvd
added 2026/03/21 9:16 a.m.4 views

CVE-2026-4511

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

6.5CVSS0.00232EPSS
Exploits0References4
euvd
euvd
added 2026/03/16 3:30 p.m.6 views

EUVD-2026-12376

A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function updatesql/runsql of the file src/vanna/legacy/flask/init.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. Th...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References5
nvd
nvd
added 2026/03/16 2:20 p.m.5 views

CVE-2026-4231

A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function updatesql/runsql of the file src/vanna/legacy/flask/init.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. Th...

7.5CVSS0.00278EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/03/16 8:32 a.m.3 views

CVE-2026-4229 vanna-ai vanna bigquery_vector.py remove_training_data sql injection

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References4
ibm
ibm
added 2026/02/24 7:19 p.m.7 views

Security Bulletin: Vulnerabilities in ai-5.0.26.tgz affecting MongoDB Enterprised Advanced (CVE-2025-48985)

Summary There is a vulnerability in ai-5.0.26.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-48985. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-48985 DESCRIPTION: A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta....

5.3CVSS5.5AI score0.00259EPSS
Exploits0Affected Software1
schneier
schneier
added 2026/02/18 12:3 p.m.12 views

AI Found Twelve New Vulnerabilities in OpenSSL

The title of the post is"What AI Security Research Looks Like When It Works," and I agree: In the latest OpenSSL security release on January 27, 2026, twelve new zero-day vulnerabilities meaning unknown to the maintainers at time of disclosure were announced. Our AI system is responsible for the...

9.8CVSS5.8AI score0.47621EPSS
Exploits7
Rows per page
Query Builder