15 matches found
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...
PT-2026-28325
Name of the Vulnerable Software and Affected Versions: Spring AI versions 1.0.0 through 1.0.4; Spring AI versions 1.1.0 through 1.1.3. Description: Spring AI’s spring-ai-bedrock-converse component has a Server-Side Request Forgery (SSRF) issue within the BedrockProxyChatModel. This occurs when handling...
EUVD-2019-7107
Malware in sbrugna...
CVE-2023-34054
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in...
SUSE CVE-2008-1218
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field t...
Json2html vulnerable to cross-site scripting
Json2html is a client-side JavaScript HTML templating library with wrappers for both jQuery and Node.js. A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file json2html.js. The manipulation leads to cross si...
Cross site scripting
A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file json2html.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.2.0 is able to address this...
GHSA-8Q8V-28RM-QW4W Borg Improper Access Control vulnerability
Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3...
GHSA-6G5F-F5PM-MJRG Istio may not check inbound TCP connections against istio-policy
Istio 1.1.x through 1.1.6 has Incorrect Access Control. When disablePolicyChecks is set to false, inbound TCP connections do not generate Check requests to istio-policy and external authorization is not applied. This behavior is a result of a change to...
CVE-2019-16321
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO...
DEBIAN-CVE-2019-13045
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server...
Mahara Resume Blocktype Cross-Site Scripting Vulnerability
Mahara is an open source e-folder, weblog, resume generator and social networking system. A cross-site scripting vulnerability exists in the resume blocktype in Mahara versions prior to 1.0.13 and 1.1.x prior to 1.1.7, where Mahara fails to properly validate input parameters passed to the resume...
DEBIAN-CVE-2015-5381
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI...
DEBIAN-CVE-2015-8793
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937...
MantisBT 1.1.x < 1.2.18 Multiple Vulnerabilities