21 matches found
CVE-2026-13507
A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...
CVE-2026-13507 volcengine OpenViking Local VectorDB Primary-key Label str_to_uint64.py str_to_uint64 data authenticity
A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...
PT-2026-53163
Name of the Vulnerable Software and Affected Versions volcengine OpenViking versions prior to 0.3.22 Description Insufficient verification of data authenticity exists within the Local VectorDB Primary-key Label Handler component. The issue occurs in the str to uint64 function located in the...
EUVD-2026-36796
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...
CVE-2026-47835
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...
PT-2026-49305
Name of the Vulnerable Software and Affected Versions Spring AI versions prior to 1.0.9 Spring AI versions prior to 1.1.8 Description Special characters can be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. This issue affects the...
CVE-2026-48148
Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an...
CVE-2026-48148
Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an...
CVE-2026-48148
Budibase prior to 3.35.3 exposes an unvalidated VectorDB host parameter in its configuration endpoint. An authenticated builder-level user can supply a host like 169.254.169.254 or localhost, allowing the server to initiate outbound TCP connections to internal network addresses or cloud metadata ...
CVE-2026-48148 Budibase: Unvalidated VectorDB Host Parameter Enables SSRF
Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an...
CVE-2026-48148 Budibase: Unvalidated VectorDB Host Parameter Enables SSRF
Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an...
Budibase 安全漏洞
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.35.3 contained security vulnerabilities. These vulnerabilities stemmed from VectorDB’s...
MAL-2026-4814 Malicious code in vectordb-engine (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42695503b90ec4adc30c038c3321d637f05038f841bcc5f463a16b891fe4e3e0 During pip install, a custom buildext step in src/vectordbenginebuild.py runs an obfuscated payload that performs targeted reconnaissance and...
AnythingLLM security vulnerabilities
AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.10.0 contained a security vulnerability. This vulnerability stemmed from the /api/setup-complete endpoint exposing the QdrantApiKey in plain text, which could allow attackers to gain read/write...
EUVD-2024-31641
Malicious code in bioql PyPI...
CVE-2024-3033
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specifi...
CVE-2024-3033
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specifi...
CVE-2024-3033
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specifi...
CVE-2024-3033 Improper Authorization in mintplex-labs/anything-llm
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specifi...
CVE-2024-3033 Improper Authorization in mintplex-labs/anything-llm
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specifi...