9 matches found
CVE-2026-11479
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...
grepai 加密问题漏洞
grepai is a semantic search-based code understanding tool developed by Yoan Bernabeu. Version 0.35.0 of grepai has an encryption vulnerability. This vulnerability stems from improper handling of files in the Qdrant backend component’s file indexer/chunker.go file, which may lead to the use of wea...
CVE-2026-46724
The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...
EUVD-2026-30864
The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...
EUVD-2026-30859
The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...
CVE-2026-46722
The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...
PT-2026-41864
The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...
Sophisticated 'TajMahal APT Framework' Remained Undetected for 5 Years
Cybersecurity researchers yesterday unveiled the existence of a highly sophisticated spyware framework that has been in operation for at least last 5 years—but remained undetected until recently. DubbedTajMahal by researchers at Kaspersky Lab, the APT framework is a high-tech modular-based malwar...
Meet ‘TajMahal,’ A New and Highly Advanced APT Framework
SINGAPORE – Researchers at Kaspersky Lab have discovered a new, highly sophisticated advanced persistent threat APT framework targeting a single Central Asian diplomatic agency. Malware samples associated with the APT reveal a complex never-before-seen code base, making it extremely hard to detec...