Dem000

#15719of 53,624
17.2Total CVSS
Vulnerabilities · 4
Low
1
Medium
3
PT-2026-47241
4.2
2026-06-08
Grepai · Grepai · CVE-2026-11479
**Name of the Vulnerable Software and Affected Versions** yoanbernabeu grepai version 0.35.0 **Description** An issue exists in the Qdrant Backend component within the file `indexer/chunker.go`. Improper processing in this file leads to the use of a weak hash, which is a cryptographic hash function that is no longer considered secure against modern attacks. This flaw can be exploited remotely, although the attack is highly complex and difficult to execute. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-47243
2.5
2026-06-08
Grepai · Grepai · CVE-2026-11481
**Name of the Vulnerable Software and Affected Versions** yoanbernabeu grepai versions prior to 0.35.0 **Description** The Postgres Embedding Cache component contains an issue where the `PostgresStore.LookupByContentHash()` function in the `indexer/chunker.go` file uses a weak hash. A local attacker can manipulate the `content hash` argument to exploit this. The attack is characterized by high complexity and is difficult to execute. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-47262
5.0
2026-06-08
Weaviate · Weaviate · CVE-2026-11500
**Name of the Vulnerable Software and Affected Versions** Weaviate versions prior to 1.38.0-rc.0 **Description** An issue exists in the Static API Key Handler component within the `validateConfig()` function of the `usecases/auth/authentication/apikey/client.go` file. Manipulation of the `StaticApiKey` argument allows for a remote authorization bypass. The attack complexity is high and exploitability is considered difficult. **Recommendations** Upgrade to version 1.38.0-rc.0. As a temporary workaround, restrict access to the `validateConfig()` function within the Static API Key Handler to minimize the risk of exploitation.
PT-2026-47197
5.5
2026-06-07
Zilliztech · Deep-Searcher · CVE-2026-11466
**Name of the Vulnerable Software and Affected Versions** zilliztech deep-searcher versions prior to 0.0.3 **Description** Improper access controls in the `CollectionRouter.invoke()` function within the `deepsearcher/agent/collection router.py` file allow for remote exploitation. This issue is caused by the manipulation of the `kwargs` argument, which can lead to remote code execution. **Recommendations** As a temporary workaround, restrict access to the `CollectionRouter.invoke()` function until a patch is available.