4 matches found
CVE-2026-60090
CVE-2026-60090 affects PraisonAI prior to 4.6.78, exposing a SQL/CQL injection risk via the vector dimension in the PGVector and Cassandra knowledge-store backends. The root cause is that the caller-controlled dimension value is interpolated into the generated CREATE TABLE DDL without runtime enf...
EUVD-2026-43175
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store createcollection backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value declared as int but not enforced at runtime is...
SUSE CVE-2023-0290
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server as a server...
PT-2023-16146 · Rapid7 · Rapid7 Velociraptor
Name of the Vulnerable Software and Affected Versions: Rapid7 Velociraptor versions prior to 0.6.7-5 Description: The issue allows a directory traversal where the collection task could be written by not properly sanitizing the client ID parameter to the "CreateCollection API". This could be...