Filter Expression Injection

Spring AI is vulnerable to Filter Expression Injection. The vulnerability is due to insufficient sanitization of document IDs in MilvusVectorStoredoDeleteList, where attacker-controlled IDs are incorporated into Milvus filter expressions, allowing injection of malicious query conditions that can...

CVE-2026-32944

Technical details sufficient to assess the vulnerability are not provided in the connected documents; monitor for updates.

CVE-2026-32944 Parse Server crash via deeply nested query condition operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the...

EUVD-2020-29469

Malware in sbrugna...

The vulnerability of the OpenSearch software package, related to incorrect authorization, allows a perpetrator to introduce incorrect access authorization.

The vulnerability of the OpenSearch software package is related to the implementation of detailed access control rules document level security, field level security, and field masking. These rules were incorrectly applied to queries under rare execution conditions. Exploiting this vulnerability c...