Lucene search
K

44 matches found

Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.9 views

PT-2026-23642

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token rotation output. This...

5.3CVSS5.8AI score0.00251EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.11 views

CVE-2026-27189

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state...

6.6CVSS5.5AI score0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.5 views

CVE-2026-27170

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local...

7.1CVSS5.4AI score0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/02/21 12:16 a.m.5 views

CVE-2026-27189

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state...

6.6CVSS0.00112EPSS
Exploits0References2
NVD
NVD
added 2026/02/21 12:16 a.m.7 views

CVE-2026-27169

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when...

8.9CVSS0.00347EPSS
Exploits0References2
NVD
NVD
added 2026/02/21 12:16 a.m.13 views

CVE-2026-27170

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local...

7.1CVSS0.00181EPSS
Exploits0References2
OSV
OSV
added 2026/02/21 12:1 a.m.3 views

CVE-2026-27189 OpenSift: Race-prone local persistence could cause state corruption/loss

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state...

6.6CVSS5.5AI score0.00112EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/21 12:1 a.m.20 views

CVE-2026-27189 OpenSift: Race-prone local persistence could cause state corruption/loss

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state...

6.6CVSS0.00112EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/21 12:1 a.m.4 views

CVE-2026-27189 OpenSift: Race-prone local persistence could cause state corruption/loss

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state...

6.6CVSS5.3AI score0.00112EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/21 12:0 a.m.9 views

PT-2026-21331

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state...

6.6CVSS5.5AI score0.00112EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.9 views

OpenSift 安全漏洞

OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift 1.1.2-alpha and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of non-atomic and insufficiently synchronized local JSON persistence processes,...

6.6CVSS5.8AI score0.00112EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.10 views

OpenSift 安全漏洞

OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift 1.1.2-alpha and earlier contain security vulnerabilities. These vulnerabilities stem from the use of insecure HTML interpolation patterns in the chat tool’s UI interface, which render...

8.9CVSS5.6AI score0.00347EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.10 views

OpenSift 代码问题漏洞

OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift 1.1.2-alpha and earlier contained code vulnerabilities. These vulnerabilities stemmed from overly permissive server-side access behaviors allowed by URL ingestion, which could lead to...

7.1CVSS5.9AI score0.00181EPSS
Exploits0References2
OSV
OSV
added 2026/02/20 11:58 p.m.6 views

CVE-2026-27170 OpenSift: SSRF risk in URL ingestion endpoint

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local...

7.1CVSS5.5AI score0.00181EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/20 11:58 p.m.28 views

CVE-2026-27170 OpenSift: SSRF risk in URL ingestion endpoint

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local...

7.1CVSS0.00181EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/20 11:58 p.m.6 views

CVE-2026-27170

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local...

7.1CVSS5.4AI score0.00181EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/20 11:58 p.m.3 views

CVE-2026-27170 OpenSift: SSRF risk in URL ingestion endpoint

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local...

7.1CVSS5.3AI score0.00181EPSS
Exploits0References2
CVE
CVE
added 2026/02/20 11:58 p.m.16 views

CVE-2026-27170

Summary (concrete details): OpenSift versions up to 1.1.2-alpha are affected by a flaw in the URL ingestion flow where server-side fetch behavior is overly permissive. An attacker-controlled URL could cause the host process to probe or access private/local network resources. The issue is fixed in...

7.1CVSS5.4AI score0.00181EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/20 11:51 p.m.7 views

CVE-2026-27169 OpenSift: Persistent XSS Chat Tool Rendering

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when...

8.9CVSS5.8AI score0.00347EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/20 11:51 p.m.31 views

CVE-2026-27169 OpenSift: Persistent XSS Chat Tool Rendering

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when...

8.9CVSS0.00347EPSS
Exploits0References2
Rows per page
Query Builder