CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

NVD•added 2026/06/08 3:16 a.m.•9 views

CVE-2026-11481

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument contenthash can lead to use of weak hash. T...

2.5CVSS0.00082EPSS

Exploits0References7

ATTACKERKB•added 2026/06/08 2:45 a.m.•6 views

CVE-2026-11481

2.5CVSS4.6AI score0.00082EPSS

Exploits0References7Affected Software1

Vulnrichment•added 2026/06/08 2:45 a.m.•7 views

CVE-2026-11481 yoanbernabeu grepai Postgres Embedding Cache chunker.go PostgresStore.LookupByContentHash weak hash

2.5CVSS4.5AI score0.00082EPSS

Exploits0References7

EUVD•added 2026/06/08 2:45 a.m.•12 views

EUVD-2026-35012

2.5CVSS4.6AI score0.00082EPSS

Exploits0References7

CVE•added 2026/06/08 2:45 a.m.•22 views

CVE-2026-11481

CVE-2026-11481 affects yoanbernabeu grepai up to 0.35.0. The vulnerability is in Postgres Embedding Cache: function PostgresStore.LookupByContentHash in file indexer/chunker.go. Manipulating the content_hash argument can lead to the use of a weak hash. Local access is required, with high attack c...

2.5CVSS4.6AI score0.00082EPSS

Exploits0References7

Cvelist•added 2026/06/08 2:45 a.m.•39 views

CVE-2026-11481 yoanbernabeu grepai Postgres Embedding Cache chunker.go PostgresStore.LookupByContentHash weak hash

2.5CVSS0.00082EPSS

Exploits0References7

Positive Technologies•added 2026/06/08 12:0 a.m.•11 views

PT-2026-47243

2.5CVSS4.5AI score0.00082EPSS

Exploits0References8

CNNVD•added 2026/06/08 12:0 a.m.•7 views

grepai 加密问题漏洞

grepai is a semantic search-based code understanding tool developed by Yoan Bernabeu. Version 0.35.0 of grepai has an encryption vulnerability. This vulnerability stems from improper handling of the parameter contenthash in the PostgresStore.LookupByContentHash function within the file...

2.5CVSS4.6AI score0.00082EPSS

Exploits0References1

NVD•added 2026/06/05 2:16 p.m.•11 views

CVE-2026-11330

A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack c...

3.6CVSS0.00075EPSS

Exploits0References8

ATTACKERKB•added 2026/06/05 12:45 p.m.•5 views

CVE-2026-11330

3.6CVSS4.7AI score0.00075EPSS

Exploits0References9Affected Software1

EUVD•added 2026/06/05 12:45 p.m.•8 views

EUVD-2026-34828

3.6CVSS4.7AI score0.00075EPSS

Exploits0References8

ATTACKERKB•added 2026/05/15 4:2 p.m.•4 views

CVE-2026-45539

Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.readtext, transparently following symbolic links. A symlink...

7.4CVSS5.8AI score0.00654EPSS

Exploits0References2Affected Software1

OSV•added 2026/03/10 6:28 p.m.•3 views

GO-2026-4616 Gogs: Cross-repository LFS object overwrite via missing content hash verification in gogs.io/gogs

Gogs: Cross-repository LFS object overwrite via missing content hash verification in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

9.3CVSS5.8AI score0.00327EPSS

Exploits1References5

Snyk•added 2026/03/05 9:13 p.m.•5 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the handling of LFS object uploads. An attacker can overwrite existing LFS objects across different repositories by uploading objects with the same identifier, potentially leading to...

9.3CVSS5.8AI score0.00327EPSS

Exploits1References2

Snyk•added 2026/03/05 9:13 p.m.•6 views

Insufficient Verification of Data Authenticity

9.3CVSS5.8AI score0.00327EPSS

Exploits1References2

Cvelist•added 2026/03/05 6:36 p.m.•25 views

CVE-2026-25921 Gogs: Cross-repository LFS object overwrite via missing content hash verification

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2...

9.3CVSS0.00327EPSS

Exploits1References4

OSV•added 2026/03/05 6:36 p.m.•7 views

CVE-2026-25921 Gogs: Cross-repository LFS object overwrite via missing content hash verification

9.3CVSS6.8AI score0.00327EPSS

Exploits1References6

Veeam•added 2026/01/08 12:0 a.m.•18 views

Content-MD5 HTTP header is required for Put Object requests with Object Lock parameters

Challenge Jobs targeting an S3-Compatible repository fail with either of the following errors: Error: S3 error: Content-MD5 HTTP header is required for Put Object requests with Object Lock parameters Code: InvalidRequest Agent failed to process method S3 error: Checksum Type mismatch occurred,...

6.6AI score

Exploits0Affected Software1

RedhatCVE•added 2025/12/03 8:57 a.m.•4 views

CVE-2025-13516

The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's savefile function in inc/emails/handler/uploads.php which duplicates all email attachments to a web-accessibl...

8.1CVSS7.4AI score0.00858EPSS

Exploits0References1

EUVD•added 2025/11/24 12:36 p.m.•3 views

EUVD-2025-198698

Malicious code in @ensdomains/content-hash npm...

6.6AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by