Security Bulletin: IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file
Summary: IBM Langflow Desktop supports retrieval-augmented generation (RAG) workflows through its FAISS Vector Store component, which loads persisted vector indexes and associated metadata from disk. A vulnerability in the FAISS component arises from unsafe deserialization of Python Pickle files,...
PT-2025-34267 · Phproject · Phproject
Name of the Vulnerable Software and Affected Versions: Phproject versions 1.8.0 through 1.8.2 Description: Phproject is a high-performance, full-featured project management system. A Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. A...
CVE-2024-3078
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...
CVE-2023-28839
Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advis...
SUSE CVE-2024-56323
OpenFGA is an authorization/permission engine. OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, Docker v1.3.8 to v1.8.2) is vulnerable to authorization bypass under the following conditions: 1. calling Check API or ListObjects with a model that uses conditions, and 2...
PT-2025-3267
Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.3.8 through 1.8.2 Description: The issue concerns an authorization bypass in OpenFGA under specific conditions, including calling Check API or ListObjects with a model that uses conditions, and OpenFGA being configured with...
PT-2024-22270 · Unknown · Peering Manager
Name of the Vulnerable Software and Affected Versions: Peering Manager versions 1.8.2 and earlier Description: The issue allows users to be redirected to an arbitrary page using a crafted URL, potentially leading to unexpected locations. This is a result of a flaw in the BGP session management...
PT-2024-22269 · Unknown · Peering Manager
Name of the Vulnerable Software and Affected Versions: Peering Manager versions prior to 1.8.3 Description: Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the name attribute of AS or...
PT-2023-21999 · Prestashop · Shoppingfeed Prestashop
Name of the Vulnerable Software and Affected Versions: Shoppingfeed PrestaShop versions 1.4.0 through 1.8.2 Description: The Shoppingfeed PrestaShop module is vulnerable to SQL injection due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Recommendations: For...
PT-2015-6780 · Django Software Foundation +1 · Django +1
Name of the Vulnerable Software and Affected Versions: Django versions 1.8.0 through 1.8.2 Description: The issue allows remote attackers to cause a denial of service, specifically CPU consumption, via unspecified vectors. This is related to the validators.URLValidator in Django. Recommendations:...