Lucene search
+L

30 matches found

Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-15535 AkariAsai self-rag retrieval_lm index.py Indexer.deserialize_from deserialization

A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserializefrom of the file retrievallm/src/index.py of the component retrievallm. Executing a manipulation of the argument indexmeta.faiss can lead ...

6.5CVSS0.00247EPSS
Exploits0References7
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43280

A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserializefrom of the file retrievallm/src/index.py of the component retrievallm. Executing a manipulation of the argument indexmeta.faiss can lead ...

6.5CVSS6.4AI score0.00247EPSS
Exploits0References7
NVD
NVD
added 2026/07/08 2:17 p.m.8 views

CVE-2026-56273

Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...

6.5CVSS0.0033EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/08 1:48 p.m.5 views

EUVD-2026-42251

Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...

6.5CVSS6.5AI score0.0033EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 1:48 p.m.14 views

CVE-2026-56273

Flowise prior to 3.1.0 is affected by a path traversal in its Faiss and SimpleStore vector store implementations. The vulnerability arises from unsanitized basePath parameters accepted from authenticated users, enabling attackers with valid API tokens to write vector store data to arbitrary files...

6.5CVSS6.5AI score0.0033EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1514 LangChain pickle deserialization of untrusted data

A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects versions prior to 0.2.4...

8.4CVSS6.4AI score0.00358EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.11 views

CVE-2026-3357

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...

8.8CVSS6.1AI score0.00466EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/02 12:31 a.m.8 views

Deserialization of Untrusted Data

Overview mem0ai is a Long-term memory for AI Agents Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the pickle.load or pickle.dump functions in the mem0/vectorstores/faiss.py file. An attacker can execute arbitrary code by providing crafted input to these...

6.5CVSS6.9AI score0.00315EPSS
Exploits0References2
CVE
CVE
added 2026/05/01 9:15 p.m.32 views

CVE-2026-7597

The CVE-2026-7597 vulnerability affects mem0ai mem0 up to version 1.0.11, specifically the pickle.load/pickle.dump path in mem0/vector_stores/faiss.py. An attacker can trigger deserialization remotely via manipulation of pickle operations. Public exploit details exist per the sources. The patch i...

6.5CVSS6.1AI score0.00315EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/01 9:15 p.m.7 views

CVE-2026-7597

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

6.5CVSS6.1AI score0.00315EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/05/01 9:15 p.m.8 views

EUVD-2026-26721

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

6.5CVSS5.4AI score0.00315EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/01 9:15 p.m.31 views

CVE-2026-7597 mem0ai mem0 faiss.py pickle.dump deserialization

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

6.5CVSS0.00315EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/01 9:15 p.m.9 views

CVE-2026-7597 mem0ai mem0 faiss.py pickle.dump deserialization

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

6.5CVSS6.1AI score0.00315EPSS
Exploits0References7
OSV
OSV
added 2026/05/01 9:15 p.m.5 views

CVE-2026-7597 mem0ai mem0 faiss.py pickle.dump deserialization

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

5.3CVSS6AI score0.00315EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.27 views

PT-2026-36549

Name of the Vulnerable Software and Affected Versions mem0ai mem0 versions prior to 1.0.12 Description An unsafe deserialization issue exists in the pickle.load and pickle.dump functions within the mem0/vector stores/faiss.py file. This allows a remote attacker to perform a manipulation that...

6.5CVSS6.6AI score0.00315EPSS
Exploits0References18
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.19 views

mem0 输入验证错误漏洞

mem0 is an efficient memory algorithm benchmarking tool open-sourced by Mem0. An input validation error vulnerability exists in mem0 1.0.11 and earlier versions, which stems from improper manipulation of the pickle.load/pickle.dump functions in the mem0/vectorstores/faiss.py file, which could lea...

6.5CVSS6.5AI score0.00315EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:22 p.m.6 views

Directory Traversal

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Directory Traversal via the vector store path handling in Faiss.ts and SimpleStore.ts. An attacker can read from or write to unintended filesystem locations by supplying a crafted basePath wh...

7.1CVSS6.4AI score
Exploits0References2
OSV
OSV
added 2026/04/16 9:22 p.m.18 views

GHSA-W6V6-49GH-MC9W Flowise: Path Traversal in Vector Store basePath

Summary The Faiss and SimpleStore LlamaIndex vector store implementations accept a basePath parameter from user-controlled input and pass it directly to filesystem write operations without any sanitization. An authenticated attacker can exploit this to write vector store data to arbitrary locatio...

4.9CVSS6AI score0.0033EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/16 9:22 p.m.7 views

Flowise: Path Traversal in Vector Store basePath

Summary The Faiss and SimpleStore LlamaIndex vector store implementations accept a basePath parameter from user-controlled input and pass it directly to filesystem write operations without any sanitization. An authenticated attacker can exploit this to write vector store data to arbitrary locatio...

6AI score
Exploits0References2Affected Software2
NVD
NVD
added 2026/04/08 1:16 a.m.7 views

CVE-2026-3357

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...

8.8CVSS0.00466EPSS
Exploits0References1
Rows per page
Query Builder