Lucene search
K

457 matches found

EUVD
EUVD
added 2026/05/12 12:32 p.m.10 views

EUVD-2026-29449

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

8.2CVSS5.7AI score0.00218EPSS
Exploits0References3
OSV
OSV
added 2026/05/12 12:32 p.m.26 views

GHSA-Q62F-H9X2-GCQC Spring AI: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

7.5CVSS5.5AI score0.0026EPSS
Exploits0References3
OSV
OSV
added 2026/05/12 12:32 p.m.12 views

GHSA-5852-PHMH-8FHR Spring AI: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

8.2CVSS5.7AI score0.00218EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 11:16 a.m.13 views

CVE-2026-41713

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

8.2CVSS0.00218EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 10:17 a.m.11 views

CVE-2026-41713

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

8.2CVSS5.7AI score0.00218EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/12 10:17 a.m.58 views

CVE-2026-41712 ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

7.5CVSS0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 10:17 a.m.7 views

CVE-2026-41712 ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

7.5CVSS5.5AI score0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 10:17 a.m.35 views

CVE-2026-41712

The CVE-2026-41712 entry concerns Spring AI's chat memory component, where a problematic default (DEFAULT_CONVERSATION_ID) can cause cross-user data exposure when not explicitly overridden. Affected element: the chat memory/session handling; root cause: default configuration that ties user conver...

7.5CVSS5.5AI score0.0026EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.7 views

CVE-2026-41906

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS5.7AI score0.00168EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/08 12:0 a.m.8 views

Missing Authorization

Overview org.springframework.ai:spring-ai-openai is an OpenAI models support Affected versions of this package are vulnerable to Missing Authorization via the default configuration of the Spring AI chat memory component. An attacker can access data from other users when DEFAULTCONVERSATIONID is n...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 12:0 a.m.9 views

Prompt Injection

Overview org.springframework.ai:spring-ai-advisors-vector-store is a Chat client advisors for Spring AI Affected versions of this package are vulnerable to Prompt Injection via conversation memory handling in the affected advisor. An attacker can inject crafted input in conversation memory that i...

8.2CVSS5.7AI score0.00218EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 12:0 a.m.7 views

Prompt Injection

Overview org.springframework.ai:spring-ai-model is a Core model interfaces and classes for Spring AI Affected versions of this package are vulnerable to Prompt Injection via conversation memory handling in the affected advisor. An attacker can inject crafted input in conversation memory that is...

8.2CVSS5.7AI score0.00218EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 12:0 a.m.9 views

Prompt Injection

Overview org.springframework.ai:spring-ai-client-chat is a Spring AI Chat Client AI programming Affected versions of this package are vulnerable to Prompt Injection via conversation memory handling in the affected advisor. An attacker can inject crafted input in conversation memory that is later...

8.2CVSS5.7AI score0.00218EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 7:16 p.m.30 views

CVE-2026-41906

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 6:9 p.m.56 views

CVE-2026-41906 FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS0.00168EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 6:9 p.m.11 views

EUVD-2026-28409

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS5.7AI score0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 6:9 p.m.8 views

CVE-2026-41906 FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS5.7AI score0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 6:9 p.m.8 views

CVE-2026-41906

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS5.7AI score0.00168EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.24 views

PT-2026-38551

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.214 Description The backend conversation change customer action fails to properly validate the customer email variable. While the Change Customer modal filters out-of-scope customers via the mailbox-filtered...

7.1CVSS5.8AI score0.00168EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.214 contained security vulnerabilities. These vulnerabilities stemmed from the conversationchangecustomer operation, which...

7.1CVSS5.9AI score0.00168EPSS
Exploits0References2
Rows per page
Query Builder