Lucene search
+L

104 matches found

OSV
OSV
added 2026/01/21 4:49 a.m.6 views

MAL-2026-434 Malicious code in weaviate-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c229f83d7066881287b7035e8e71dc5ed74531480ab19cbf47ebd72990bc1525 The package weaviate-js was found to contain malicious code. Source: ghsa-malware bb063c82675f5933564b46d7e49a2c2a7aac395d9a399b1264e3de0aafb29905 An...

5.5AI score
Exploits0References1
EUVD
EUVD
added 2026/01/21 4:49 a.m.3 views

EUVD-2026-3717

Malicious code in weaviate-js npm...

5.5AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/01/06 12:24 a.m.6 views

SUSE CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

7.2CVSS7.2AI score0.00785EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/01/06 12:24 a.m.5 views

SUSE CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

4.9CVSS6.9AI score0.00435EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.6 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

7.2CVSS7.1AI score0.00785EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.8 views

CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

4.9CVSS6.9AI score0.00435EPSS
Exploits0References1
OSV
OSV
added 2025/12/15 8:15 p.m.7 views

GO-2025-4237 Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip in github.com/weaviate/weaviate

Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip in github.com/weaviate/weaviate...

7.2CVSS6.8AI score0.00785EPSS
Exploits0References5
OSV
OSV
added 2025/12/15 8:15 p.m.4 views

GO-2025-4238 Weaviate OSS has path traversal vulnerability via the Shard Movement API in github.com/weaviate/weaviate

Weaviate OSS has path traversal vulnerability via the Shard Movement API in github.com/weaviate/weaviate...

4.9CVSS6.9AI score0.00435EPSS
Exploits0References6
EUVD
EUVD
added 2025/12/12 6:30 p.m.7 views

EUVD-2025-203093

Weaviate OSS has path traversal vulnerability via the Shard Movement API...

4.9CVSS6.5AI score0.00435EPSS
Exploits0References6
EUVD
EUVD
added 2025/12/12 6:30 p.m.6 views

EUVD-2025-203094

Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip...

7.2CVSS6.3AI score0.00785EPSS
Exploits0References5
OSV
OSV
added 2025/12/12 6:30 p.m.12 views

GHSA-HMMH-292H-3364 Weaviate OSS has path traversal vulnerability via the Shard Movement API

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

8.7CVSS6.8AI score0.00435EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/12/12 6:30 p.m.14 views

Weaviate OSS has path traversal vulnerability via the Shard Movement API

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

4.9CVSS6.9AI score0.00435EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2025/12/12 5:15 p.m.9 views

CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

4.9CVSS0.00435EPSS
Exploits0References2
NVD
NVD
added 2025/12/12 5:15 p.m.8 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

7.2CVSS0.00785EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/12 12:0 a.m.32 views

CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

0.00435EPSS
Exploits0References2
CVE
CVE
added 2025/12/12 12:0 a.m.18 views

CVE-2025-67819

CVE-2025-67819 affects Weaviate OSS up to version 1.33.4. The issue is caused by lack of validation of the fileName field in the transfer logic, enabling an attacker who can invoke the GetFile method while a shard is in the “Pause file activity” state and the FileReplicationService is reachable t...

4.9CVSS6.5AI score0.00435EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/12 12:0 a.m.29 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

0.00785EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/12 12:0 a.m.1 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

6.8AI score0.00785EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.7 views

PT-2025-50957

Name of the Vulnerable Software and Affected Versions Weaviate OSS versions prior to 1.33.4 Description An attacker who can insert data into the database can create an entry name containing an absolute path for example, /etc/... or utilize parent directory traversal ../../.. to bypass the restore...

7.2CVSS6.5AI score0.00785EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/12/12 12:0 a.m.5 views

CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

6.5AI score0.00435EPSS
Exploits0References2
Rows per page
Query Builder