457 matches found
EUVD-2026-29449
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...
GHSA-Q62F-H9X2-GCQC Spring AI: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage
Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...
GHSA-5852-PHMH-8FHR Spring AI: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...
CVE-2026-41713
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...
CVE-2026-41713
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...
CVE-2026-41712 ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage
Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...
CVE-2026-41712 ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage
Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...
CVE-2026-41712
The CVE-2026-41712 entry concerns Spring AI's chat memory component, where a problematic default (DEFAULT_CONVERSATION_ID) can cause cross-user data exposure when not explicitly overridden. Affected element: the chat memory/session handling; root cause: default configuration that ties user conver...
CVE-2026-41906
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...
Missing Authorization
Overview org.springframework.ai:spring-ai-openai is an OpenAI models support Affected versions of this package are vulnerable to Missing Authorization via the default configuration of the Spring AI chat memory component. An attacker can access data from other users when DEFAULTCONVERSATIONID is n...
Prompt Injection
Overview org.springframework.ai:spring-ai-advisors-vector-store is a Chat client advisors for Spring AI Affected versions of this package are vulnerable to Prompt Injection via conversation memory handling in the affected advisor. An attacker can inject crafted input in conversation memory that i...
Prompt Injection
Overview org.springframework.ai:spring-ai-model is a Core model interfaces and classes for Spring AI Affected versions of this package are vulnerable to Prompt Injection via conversation memory handling in the affected advisor. An attacker can inject crafted input in conversation memory that is...
Prompt Injection
Overview org.springframework.ai:spring-ai-client-chat is a Spring AI Chat Client AI programming Affected versions of this package are vulnerable to Prompt Injection via conversation memory handling in the affected advisor. An attacker can inject crafted input in conversation memory that is later...
CVE-2026-41906
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...
CVE-2026-41906 FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...
EUVD-2026-28409
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...
CVE-2026-41906 FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...
CVE-2026-41906
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...
PT-2026-38551
Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.214 Description The backend conversation change customer action fails to properly validate the customer email variable. While the Change Customer modal filters out-of-scope customers via the mailbox-filtered...
FreeScout 安全漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.214 contained security vulnerabilities. These vulnerabilities stemmed from the conversationchangecustomer operation, which...