Lucene search
K

9320 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:5 p.m.9 views

Security Bulletin: There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-4867)

Summary There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you have three or more parameters within a single...

7.5CVSS5.8AI score0.00496EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/04 12:37 p.m.7 views

CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.8AI score0.00654EPSS
Exploits1References1
CVE
CVE
added 2026/05/04 12:37 p.m.104 views

CVE-2026-24072

CVE-2026-24072 is an escalation-of-privilege issue in Apache HTTP Server up to version 2.4.66, where local ".htaccess" authors can read files with the privileges of the httpd user due to a vulnerability in various modules (notably via the ap_expr/mod_rewrite path). The fixed version is 2.4.67. Pr...

8.8CVSS5.8AI score0.00654EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/04 12:37 p.m.120 views

CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

0.00654EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 6:56 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873.

Summary IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerabl...

7.5CVSS6.6AI score0.00492EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 11:55 a.m.14 views

Security Bulletin: IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904

Summary IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for...

8.7CVSS6.7AI score0.00519EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 11:55 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses minimatch-3.1.2.tgz, minimatch-7.4.6.tgz, minimatch-9.0.5.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904.

Summary IBM Maximo Application Suite - Monitor Component uses minimatch-3.1.2.tgz, minimatch-7.4.6.tgz, minimatch-9.0.5.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. This bulletin contains information addressing the vulnerability. Vulnerability Details...

8.7CVSS6.7AI score0.00519EPSS
Exploits3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/29 6:18 a.m.6 views

CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

8.6CVSS5.2AI score0.00394EPSS
Exploits0References1
OSV
OSV
added 2026/04/28 4:43 p.m.12 views

CLSA-2026-1777394614 nodejs: Fix of 3 CVEs

CVE-2022-25883: fix ReDoS in bundled npm semver new Range and parseComparator caused by unbounded whitespace expansion in version ranges - CVE-2026-21710: fix HTTP prototype pollution in http.get/request via headersDistinct option by using null-prototype objects for header storage -...

7.5CVSS7AI score0.26356EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/04/28 2:25 p.m.109 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 — Demo Methodology ⚠️ Overview This demo s...

9.8CVSS9.1AI score0.99939EPSS
Exploits36
OSV
OSV
added 2026/04/28 9:34 a.m.6 views

GHSA-QC4J-QJQX-VR58 Spring AI has a VectorStore FilterExpression Converter injection

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

8.6CVSS5.8AI score0.00394EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/28 9:34 a.m.8 views

Spring AI has a VectorStore FilterExpression Converter injection

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

8.6CVSS5.8AI score0.00394EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/28 7:16 a.m.4 views

CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

8.6CVSS0.00394EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/28 6:3 a.m.7 views

EUVD-2026-25994

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

8.6CVSS5.2AI score0.00394EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/28 6:3 a.m.40 views

CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

8.6CVSS0.00394EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:3 a.m.5 views

CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

8.6CVSS5.2AI score0.00394EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/28 6:3 a.m.22 views

CVE-2026-40967

Summary : CVE-2026-40967 affects Spring AI 1.0.0–1.0.5 (fix in 1.0.6) and 1.1.0–1.1.4 (fix in 1.1.5). In several FilterExpressionConverter implementations, filter expression keys/values aren’t properly escaped, enabling an attacker to alter vector store queries. This could impact query integrity ...

8.6CVSS5.2AI score0.00394EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/28 1:22 a.m.6 views

CVE-2026-7045

A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessordoDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the...

6.5CVSS5.2AI score0.00237EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.9 views

PT-2026-35667

Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.5 Spring AI versions 1.1.0 through 1.1.4 Description Various FilterExpressionConverter implementations fail to properly escape keys and values when translating filter expression objects into specific vector...

8.6CVSS5.8AI score0.00394EPSS
Exploits0References8
Snyk
Snyk
added 2026/04/27 9:0 p.m.13 views

Regular Expression Denial of Service (ReDoS)

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the CSS selector tokenizer in css/tokenizer.rb. An attacker can cause excessive resource consumption by supplying malicious input to...

7.5CVSS5.7AI score
Exploits0References2
Rows per page
Query Builder