342 matches found
CVE-2026-15535
The CVE concerns AkariAsai self-rag’s retrieval_lm component. Affected code: file retrieval_lm/src/index.py, function Indexer.deserialize_from, where manipulating the argument index_meta.faiss can trigger deserialization. This may be exploitable remotely; public exploit details exist. No specific...
EUVD-2026-43280
A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserializefrom of the file retrievallm/src/index.py of the component retrievallm. Executing a manipulation of the argument indexmeta.faiss can lead ...
CVE-2026-15535
A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserializefrom of the file retrievallm/src/index.py of the component retrievallm. Executing a manipulation of the argument indexmeta.faiss can lead ...
CVE-2026-8149 vulnerabilities
Vulnerabilities for packages: guacamole-client, keycloak-fips, geoserver, wazuh-indexer, opensearch, bouncycastle-fips...
GHSA-MX76-R943-RF8G vulnerabilities
Vulnerabilities for packages: guacamole-client, keycloak-fips, geoserver, wazuh-indexer, opensearch, bouncycastle-fips...
CVE-2026-11479
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...
CVE-2026-11479
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...
EUVD-2026-35010
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...
CVE-2026-11479
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...
CVE-2026-11479 yoanbernabeu grepai Qdrant Backend chunker.go weak hash
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...
grepai 加密问题漏洞
grepai is a semantic search-based code understanding tool developed by Yoan Bernabeu. Version 0.35.0 of grepai has an encryption vulnerability. This vulnerability stems from improper handling of files in the Qdrant backend component’s file indexer/chunker.go file, which may lead to the use of wea...
PT-2026-47241
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...
CVE-2026-46723
The additionaltables configuration of the page and ttcontent indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index...
CVE-2026-46724
The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...
XML External Entity (XXE) Injection
Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the additionaltables configuration of the page and ttcontent indexers that accept arbitrary table and field names....
Directory Traversal
Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to Directory Traversal due to the file indexer failing to normalize the configured directory path. A backend user with permission to edit indexer...
CVE-2026-46724
The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...
CVE-2026-46724 Path Traversal in extension "Faceted Search" (ke_search)
The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...
EUVD-2026-30864
The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...
CVE-2026-46724
CVE-2026-46724 affects the Typo3 extension Faceted Search (ke_search). The file indexer does not normalize the configured directory path, allowing a backend user with permission to edit indexer configurations to index documents from arbitrary server file-system locations via path traversal. CVSS ...