
11 matches found

Veracode
added 2026/05/05 5:43 a.m., 6 views

SQL Injection

org.springframework.ai, spring-ai-azure-cosmos-db-store is vulnerable to SQL Injection. The vulnerability is due to improper handling of crafted document IDs in the CosmosDBVectorStore, which allows an attacker to execute arbitrary SQL queries...

CVSS 8.8, AI score 6.1, EPSS 0.00024
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2026/04/28 7:18 a.m., 22 views

CVE-2026-40978

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

CVSS 8.8, EPSS 0.00024
Exploits: 0, References: 1
Snyk
added 2026/04/27 12:0 a.m., 1 views

SQL Injection

Overview: org.springframework.ai:spring-ai-azure-cosmos-db-store is a Spring AI Vector Store for Azure Cosmos DB. Affected versions of this package are vulnerable to SQL Injection via document ID handling in CosmosDBVectorStore. An attacker can execute arbitrary SQL queries by supplying crafted...

CVSS 8.8, AI score 6.3, EPSS 0.00024
Exploits: 0, References: 2
vulnersOsv
added 2026/04/27 12:0 a.m., 2 views

org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.1.0-M1 <=1.1.4)

org.springframework.ai:spring-ai-azure-cosmos-db-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40978 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316419...

CVSS 8.8, AI score 5.8, EPSS 0.00024
Exploits: 0
CNVD
added 2025/12/25 12:0 a.m., 3 views

Microsoft Azure Cosmos DB Spoofing Vulnerability

Microsoft Azure Cosmos DB is a distributed multi-model database from Microsoft USA. A spoofing vulnerability exists in Microsoft Azure Cosmos DB that stems from improper input neutralization and can be exploited by an attacker to cause a network spoofing attack...

CVSS 8.3, AI score 6.7, EPSS 0.00036
Exploits: 0, References: 1
EUVD
added 2025/12/18 11:15 p.m., 2 views

EUVD-2025-204423

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network...

CVSS 8.3, AI score 6.3, EPSS 0.00036
Exploits: 0, References: 2
CNNVD
added 2025/12/18 12:0 a.m., 2 views

Microsoft Azure Cosmos DB Cross-Site Scripting Vulnerability

Microsoft Azure Cosmos DB is a distributed multi-model database from Microsoft USA. A spoofing vulnerability exists in Microsoft Azure Cosmos DB that stems from improper input neutralization and can be exploited by an attacker to cause a network spoofing attack...

CVSS 9.6, AI score 6.3, EPSS 0.00036
Exploits: 0, References: 1
Positive Technologies
added 2025/12/18 12:0 a.m., 1 views

PT-2025-52373

Name of the Vulnerable Software and Affected Versions: Azure Cosmos DB, affected versions not specified. Description: An issue exists in Azure Cosmos DB related to improper neutralization of input during web page generation, leading to a cross-site scripting condition. This allows an unauthorized...

CVSS 8.3, AI score 5.7, EPSS 0.00036
Exploits: 0, References: 8
EUVD
added 2025/11/13 3:23 a.m., 1 views

EUVD-2025-175617

Malicious code in webdriver-manager-cosmos-mongoose-got npm...

AI score 6.6
Exploits: 0
GithubExploit
added 2025/10/07 7:37 p.m., 131 views

poc-muliple-dbs

Multi Cosmos DB API A .NET 8 RESTful API demonstrating how to...

AI score 7.3
Exploits: 0
The Hacker News
added 2021/09/10 5:7 a.m., 73 views

Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances

Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances ACI services that could have been weaponized by a malicious actor "to access other customers' information" in what the researchers described as the "first cross-account container takeover in the public...

CVSS 9.3, AI score 0.5, EPSS 0.59178
Exploits: 33