Lucene search
+L

22 matches found

euvd
euvd
added 2026/07/08 1:48 p.m.5 views

EUVD-2026-42251

Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...

6.5CVSS6.5AI score0.0033EPSS
Exploits0References2
euvd
euvd
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36796

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS5.6AI score0.00254EPSS
Exploits0References2
nvd
nvd
added 2026/06/15 8:16 p.m.11 views

CVE-2026-47835

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS0.00254EPSS
Exploits0References1
cve
cve
added 2026/06/15 6:54 p.m.31 views

CVE-2026-47835

In Spring AI Vector Stores, the vulnerability arises from improper handling of special characters that could lead to arbitrary query execution in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components are spring-ai-elasticsearch-store, spring-ai-opensearch-store, and spring-ai-gemfi...

8.6CVSS5.6AI score0.00254EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/06/15 6:54 p.m.9 views

CVE-2026-47835 Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS5.7AI score0.00254EPSS
Exploits0References1
snyk
snyk
added 2026/06/12 12:0 a.m.11 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via insufficient neutralization of special characters in the query construction. An attacker can execute arbitrary queries against Elasticsearch, OpenSearch, or GemFire...

8.8CVSS5.7AI score0.00254EPSS
Exploits0References2
spring
spring
added 2026/06/12 12:0 a.m.15 views

cve-2026-47835 - HIGH - Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

cve-2026-47835 - HIGH - Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores...

8.6CVSS6.1AI score0.00254EPSS
Exploits0
cvelist
cvelist
added 2026/05/01 9:15 p.m.31 views

CVE-2026-7597 mem0ai mem0 faiss.py pickle.dump deserialization

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

6.5CVSS0.00315EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/04/16 12:0 a.m.6 views

PT-2026-56430

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description Path traversal occurs in the Faiss and SimpleStore vector store implementations. The issue arises when the system accepts unsanitized basePath parameters from authenticated users. Attackers possessin...

6.5CVSS6.2AI score0.0033EPSS
Exploits0References8
github
github
added 2026/03/18 9:30 a.m.15 views

JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

8.6CVSS5.9AI score0.00521EPSS
Exploits0References5Affected Software1
cve
cve
added 2026/03/18 7:39 a.m.61 views

CVE-2026-22729

Spring AI’s AbstractFilterExpressionConverter is vulnerable to a JSONPath injection, where user-controlled input in FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping. This can allow authenticated users to bypass metadata-based access controls and access unautho...

8.6CVSS5.9AI score0.00521EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/03/18 7:39 a.m.2 views

CVE-2026-22729 CVE-2026-22729: JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

8.6CVSS5.9AI score0.00521EPSS
Exploits0References1
osv
osv
added 2026/03/18 7:39 a.m.4 views

CVE-2026-22729 CVE-2026-22729: JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

8.6CVSS6.1AI score0.00521EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/03/17 12:0 a.m.20 views

PT-2026-25939

Name of the Vulnerable Software and Affected Versions Spring AI versions prior to 1.0.4 and 1.1.3 Description A JSONPath injection issue exists in Spring AI’s AbstractFilterExpressionConverter. Authenticated users can bypass metadata-based access controls by using crafted filter expressions...

8.6CVSS5.8AI score0.00521EPSS
Exploits0References21
snyk
snyk
added 2025/06/05 6:30 a.m.4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the library in a web application...

9.8CVSS8AI score0.00581EPSS
Exploits1References2
vulnersosv
vulnersosv
added 2025/06/05 6:30 a.m.4 views

llama-index-packs-deeplake-deepmemory-retriever (>=0.1.0 <=0.1.4), llama-index-packs-deeplake-multimodal-retrieval (>=0.1.0 <=0.1.4) potentially affected by CVE-2025-1793 via llama-index-vector-stores-deeplake (>=0.1.0 <=0.1.6)

llama-index-vector-stores-deeplake PYPI version =0.1.0, =0.1.0, =0.1.0, =0.1.4 Source cves: CVE-2025-1793 Source advisory: SNYK:PYTHON-LLAMAINDEXVECTORSTORESDEEPLAKE-10332650...

9.8CVSS7.2AI score0.00581EPSS
Exploits1
snyk
snyk
added 2025/06/05 6:30 a.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the library in a web application...

9.8CVSS8AI score0.00581EPSS
Exploits1References2
snyk
snyk
added 2025/06/05 6:30 a.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the library in a web application...

9.8CVSS8AI score0.00581EPSS
Exploits1References2
snyk
snyk
added 2025/06/05 6:30 a.m.4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the library in a web application...

9.8CVSS8AI score0.00581EPSS
Exploits1References2
snyk
snyk
added 2025/06/05 6:30 a.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the library in a web application...

9.8CVSS8AI score0.00581EPSS
Exploits1References2
Rows per page
Query Builder