Lucene search
+L

342 matches found

cve
cve
added 3 days ago10 views

CVE-2026-15535

The CVE concerns AkariAsai self-rag’s retrieval_lm component. Affected code: file retrieval_lm/src/index.py, function Indexer.deserialize_from, where manipulating the argument index_meta.faiss can trigger deserialization. This may be exploitable remotely; public exploit details exist. No specific...

6.5CVSS6.4AI score0.00247EPSS
Exploits0References7
euvd
euvd
added 3 days ago6 views

EUVD-2026-43280

A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserializefrom of the file retrievallm/src/index.py of the component retrievallm. Executing a manipulation of the argument indexmeta.faiss can lead ...

6.5CVSS6.4AI score0.00247EPSS
Exploits0References7
attackerkb
attackerkb
added 3 days ago7 views

CVE-2026-15535

A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserializefrom of the file retrievallm/src/index.py of the component retrievallm. Executing a manipulation of the argument indexmeta.faiss can lead ...

6.5CVSS6.4AI score0.00247EPSS
Exploits0References7
cgr
cgr
added 2026/07/08 8:24 p.m.6 views

CVE-2026-8149 vulnerabilities

Vulnerabilities for packages: guacamole-client, keycloak-fips, geoserver, wazuh-indexer, opensearch, bouncycastle-fips...

5.1CVSS6.1AI score0.00158EPSS
Exploits0
cgr
cgr
added 2026/07/08 8:24 p.m.8 views

GHSA-MX76-R943-RF8G vulnerabilities

Vulnerabilities for packages: guacamole-client, keycloak-fips, geoserver, wazuh-indexer, opensearch, bouncycastle-fips...

6.1AI score
Exploits0
redhatcve
redhatcve
added 2026/06/09 2:58 a.m.16 views

CVE-2026-11479

A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...

4.2CVSS4.7AI score0.0016EPSS
Exploits0References1
nvd
nvd
added 2026/06/08 3:16 a.m.12 views

CVE-2026-11479

A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...

4.2CVSS0.0016EPSS
Exploits0References7
euvd
euvd
added 2026/06/08 2:15 a.m.15 views

EUVD-2026-35010

A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...

4.2CVSS4.7AI score0.0016EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/06/08 2:15 a.m.11 views

CVE-2026-11479

A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...

4.2CVSS4.7AI score0.0016EPSS
Exploits0References7Affected Software1
cvelist
cvelist
added 2026/06/08 2:15 a.m.47 views

CVE-2026-11479 yoanbernabeu grepai Qdrant Backend chunker.go weak hash

A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...

4.2CVSS0.0016EPSS
Exploits0References7
cnnvd
cnnvd
added 2026/06/08 12:0 a.m.17 views

grepai 加密问题漏洞

grepai is a semantic search-based code understanding tool developed by Yoan Bernabeu. Version 0.35.0 of grepai has an encryption vulnerability. This vulnerability stems from improper handling of files in the Qdrant backend component’s file indexer/chunker.go file, which may lead to the use of wea...

4.2CVSS5AI score0.0016EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.13 views

PT-2026-47241

A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...

4.2CVSS4.7AI score0.0016EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/06/05 7:29 p.m.10 views

CVE-2026-46723

The additionaltables configuration of the page and ttcontent indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index...

5.9CVSS5.6AI score0.00318EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/03 4:2 p.m.10 views

CVE-2026-46724

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References1
snyk
snyk
added 2026/05/24 8:47 p.m.13 views

XML External Entity (XXE) Injection

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the additionaltables configuration of the page and ttcontent indexers that accept arbitrary table and field names....

5.9CVSS6AI score0.00318EPSS
Exploits0References2
snyk
snyk
added 2026/05/24 8:47 p.m.14 views

Directory Traversal

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to Directory Traversal due to the file indexer failing to normalize the configured directory path. A backend user with permission to edit indexer...

5.9CVSS6.3AI score0.00404EPSS
Exploits0References2
nvd
nvd
added 2026/05/19 10:16 a.m.13 views

CVE-2026-46724

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS0.00404EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/19 9:24 a.m.10 views

CVE-2026-46724 Path Traversal in extension "Faceted Search" (ke_search)

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References1
euvd
euvd
added 2026/05/19 9:24 a.m.19 views

EUVD-2026-30864

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References1
cve
cve
added 2026/05/19 9:24 a.m.23 views

CVE-2026-46724

CVE-2026-46724 affects the Typo3 extension Faceted Search (ke_search). The file indexer does not normalize the configured directory path, allowing a backend user with permission to edit indexer configurations to index documents from arbitrary server file-system locations via path traversal. CVSS ...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References1
Rows per page
Query Builder