CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

7 matches found

RedhatCVE•added 2026/03/28 10:51 a.m.•2 views

CVE-2026-22738

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS6.1AI score0.00052EPSS

Exploits0References1

Github Security Blog•added 2026/03/27 6:31 a.m.•3 views

Spring AI: SpEL injection is triggered when a user-supplied value is used as a filter expression key

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS6.1AI score0.00052EPSS

Exploits0References6Affected Software1

EUVD•added 2026/03/27 6:31 a.m.•0 views

EUVD-2026-16535

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS6.1AI score0.00052EPSS

Exploits0References2

OSV•added 2026/03/27 6:31 a.m.•1 views

GHSA-FVH3-672C-7P6C Spring AI: SpEL injection is triggered when a user-supplied value is used as a filter expression key

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS6.1AI score0.00052EPSS

Exploits0References6

Snyk•added 2026/03/27 6:18 a.m.•2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the SimpleVectorStore function when unescaped user-supplied input is used as a filter expression key. An attacker can execute arbitrary code by supplying crafted input that is evaluated by the expression...

9.8CVSS6.3AI score0.00052EPSS

Exploits0References2

NVD•added 2026/03/27 6:16 a.m.•2 views

CVE-2026-22738

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS0.00052EPSS

Exploits0References1

ATTACKERKB•added 2026/03/27 5:21 a.m.•1 views

CVE-2026-22738

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS6.1AI score0.00052EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by