Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs

Spring AI's MilvusVectorStoredoDeleteList implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...

CVE-2026-41705

The CVE affects Spring AI MilvusVectorStore#doDelete(List) and is caused by a filter-expression injection from unsanitized document IDs. Affected are Spring AI 1.0.x (1.0.0–1.0.x); upgrade to 1.0.7+; and Spring AI 1.1.x (1.1.0–1.1.x); upgrade to 1.1.6+. CVSSv3.1 base score 8.6 (HIGH): Network acc...

SQL Injection

org.springframework.ai, spring-ai-azure-cosmos-db-store is vulnerable to SQL Injection. The vulnerability is due to improper handling of crafted document IDs in the CosmosDBVectorStore, which allows an attacker to execute arbitrary SQL queries...

CVE-2026-40978

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

EUVD-2026-26011

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

PT-2026-35687

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

SUSE CVE-2026-33669

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...

CVE-2026-33669

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...

CVE-2026-28506

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

CVE-2026-25927

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API e.g. upload or state save/load accepts a document ID docid without verifying that the document belongs to the current user’s authorized patie...

PT-2026-21982

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. Versions prior to 8.0.0 have an issue where the DICOM viewer state API does not verify if a document belongs to th...

CVE-2025-4596

Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. This issue has been fixed in 6.09.01.62 version of ADMX...

EUVD-2022-35631

Malicious code in bioql PyPI...

CVE-2022-32565

An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids...

CVE-2022-32565

An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids...

Oracle E-Business Suite Arbitrary Document Download Vulnerability

This vulnerability allows remote attackers to download any existing document in the APPS.FNDDOCUMENTS table on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ADIBINARY component of the E-Business...