Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/03/28 10:51 a.m.4 views

CVE-2026-22738

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS6.1AI score0.00821EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/27 6:31 a.m.4 views

EUVD-2026-16535

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS6.1AI score0.00821EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/27 6:31 a.m.6 views

Spring AI: SpEL injection is triggered when a user-supplied value is used as a filter expression key

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS6.1AI score0.00821EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/27 6:31 a.m.2 views

GHSA-FVH3-672C-7P6C Spring AI: SpEL injection is triggered when a user-supplied value is used as a filter expression key

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS6.1AI score0.00821EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/27 6:18 a.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the SimpleVectorStore function when unescaped user-supplied input is used as a filter expression key. An attacker can execute arbitrary code by supplying crafted input that is evaluated by the expression...

9.8CVSS6.3AI score0.00821EPSS
Exploits0References2
NVD
NVD
added 2026/03/27 6:16 a.m.15 views

CVE-2026-22738

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS0.00821EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 5:21 a.m.2 views

CVE-2026-22738

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS6.1AI score0.00821EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2017/03/23 1:4 a.m.5 views

icoutils: Buffer overflow in the simple_vec function

A vulnerability was found in icoutils, in the icotool program. An attacker could create a crafted ICO or CUR file that, when read by icotool, could result in memory corruption leading to a crash or potential code execution...

5.5CVSS5.9AI score0.01538EPSS
Exploits1References4
Rows per page
Query Builder