Lucene search
K

93 matches found

OSV
OSV
added 2026/05/08 7:52 p.m.6 views

GHSA-RCVP-6FGW-C7FH Open WebUI's Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show

Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show Affected Component Ollama proxy endpoints missing model access control: - backend/openwebui/routers/ollama.py lines 955-995, generatecompletion - backend/openwebui/routers/ollama.py lines 835-881, emb...

5.4CVSS5.9AI score0.00238EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39280

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Four Ollama proxy endpoints accept any model name from the user and forward the request to the Ollama backend without verifying if the user is authorized to access that model. While these endpoint...

5.4CVSS5.8AI score0.00238EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.11 views

Quantifiable Uncertainty: A Stochastic Consensus Multi-Agent RAG Framework for Robust Malware Detection

While contemporary deep learning malware detectors define a dominant defense paradigm, their sophistication also exposes them to novel structural evasion attacks, a limitation we attribute to their inherent inability to express epistemic uncertainty. To address this challenge, we present MAGMA, a...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.10 views

One Single Hub Text Breaks CLIP: Identifying Vulnerabilities in Cross-Modal Encoders Via Hubness

The hubness problem, in which hub embeddings are close to many unrelated examples, occurs often in high-dimensional embedding spaces and may pose a practical threat for purposes such as information retrieval and automatic evaluation metrics. In particular, since cross-modal similarity between tex...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/25 12:0 a.m.6 views

AsmRAG: LLM-Driven Malware Detection by Retrieving Functionally Similar Assembly Code

Deep learning malware detectors achieve high classification accuracy but suffer from severe interpretability limitations, typically returning probabilistic verdicts that lack forensic context. We introduce AsmRAG, a framework performing malware analysis through Assembly-Level Retrieval-Augmented...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.5 views

FixV2W: Correcting Invalid CVE-CWE Mappings with Knowledge Graph Embeddings

Accurate mapping between Common Vulnerabilities and Exposures CVE and Common Weakness Enumeration CWE entries is critical for effective vulnerability management and risk assessment. However, public databases, such as the National Vulnerability Database NVD, suffer from inconsistent and incomplete...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.20 views

VulGD: A LLM-Powered Dynamic Open-Access Vulnerability Graph Database

Software vulnerabilities continue to pose significant threats to modern information systems, requiring a timely and accurate risk assessment. Public repositories, such as the National Vulnerability Database and CVE details, are regularly updated, but predominantly utilize relational data models...

5.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 12:34 p.m.6 views

Security Bulletin: Vulnerabilities in llama_index_core bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes llamaindexcore which could allow Denial of Service DoS, steal proprietary models, poison cached embeddings, conduct symlink attacks. CVE-2025-5472, CVE-2024-12911, CVE-2024-12704, CVE-2025-5302, CVE-2025-7647. Vulnerability...

8.6CVSS7AI score0.00761EPSS
Exploits3Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28324

Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.4 and 1.1.0 through 1.1.3 Description Spring AI's SimpleVectorStore component contains a SpEL injection flaw. This occurs when user-provided input is used as a filter expression key. A malicious actor can...

9.8CVSS6.1AI score0.00821EPSS
Exploits0References19
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.10 views

SUSE CVE-2026-30859

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.3 views

CVE-2026-30859

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/07 4:35 p.m.31 views

CVE-2026-30859 WeKnora: Broken Access Control - Cross-Tenant Data Exposure

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

5.3CVSS0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/03/07 4:35 p.m.21 views

CVE-2026-30859

WeKnora prior to version 0.2.12 suffers broken access control in the database query tool, allowing any authenticated tenant to read data from other tenants (models, messages, embeddings) including API keys and model configurations due to failure to enforce tenant isolation on critical tables. The...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/07 4:35 p.m.3 views

CVE-2026-30859 WeKnora: Broken Access Control - Cross-Tenant Data Exposure

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

5.3CVSS5.8AI score0.00213EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/07 4:35 p.m.4 views

CVE-2026-30859

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

5.3CVSS5.8AI score0.00213EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/06 11:57 p.m.8 views

WeKnora has Broken Access Control - Cross-Tenant Data Exposure

Summary A broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, model configurations, and private messages. The application fails to enforce tenant isolation on critical tables models,...

6.5CVSS5.9AI score0.00213EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/06 11:57 p.m.5 views

GHSA-2F4C-VRJQ-RCGV WeKnora has Broken Access Control - Cross-Tenant Data Exposure

Summary A broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, model configurations, and private messages. The application fails to enforce tenant isolation on critical tables models,...

7.5CVSS5.9AI score0.00213EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.5 views

PT-2026-23802

Name of the Vulnerable Software and Affected Versions WeKnora versions prior to 0.2.12 Description WeKnora is a framework for deep document understanding and semantic retrieval. A broken access control issue in the database query tool allows any authenticated tenant to read sensitive data belongi...

9.9CVSS5.9AI score0.22162EPSS
Exploits70References137
Packet Storm News
Packet Storm News
added 2026/02/25 12:0 a.m.5 views

Predicting Known Vulnerabilities from Attack Descriptions Using Sentence Transformers

Modern infrastructures rely on software systems that remain vulnerable to cyberattacks. These attacks frequently exploit vulnerabilities documented in repositories such as MITRE's Common Vulnerabilities and Exposures CVE. However, Cyber Threat Intelligence resources, including MITRE ATT&CK and CV...

5.9AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/11 10:23 p.m.8 views

@cognigy/cognigy-cli (>=1.9.7 <=2.1.0), @meta-1/nest-ai (>=0.0.1 <=0.0.5) +10 more potentially affected by CVE-2026-26019 via @langchain/community (>=1.0.0 <=1.1.12)

@langchain/community NPM version =1.0.0, =1.9.7, =0.0.1, =0.2.0, =0.0.16, =1.4.13, =1.0.24, =1.0.0, =3.1.0, =0.3.0, =0.0.210, =0.1.1, =0.1.2 Source cves: CVE-2026-26019 Source advisory: SNYK:JS-LANGCHAINCOMMUNITY-15268428...

4.1CVSS7.5AI score0.00371EPSS
Exploits0
Rows per page
Query Builder