- EPSS 0.28%
- Published 08.06.2026 09:00:12
- Last modified 08.06.2026 14:57:14
A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument Static...
CVE-2025-67818
- EPSS 0.66%
- Published 12.12.2025 00:00:00
- Last modified 19.12.2025 15:43:45
An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root whe...
CVE-2025-67819
- EPSS 0.37%
- Published 12.12.2025 00:00:00
- Last modified 19.12.2025 15:38:42
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationSer...
CVE-2023-38976
- EPSS 1.7%
- Published 21.08.2023 17:15:48
- Last modified 21.11.2024 08:14:33
An issue in Weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function.