Tencent

Weknora

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-30861

Exploit
  • EPSS 0.07%
  • Veröffentlicht 07.03.2026 16:38:38
  • Zuletzt bearbeitet 09.03.2026 17:35:56

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration valid...

9.8

CVE-2026-30860

Exploit
  • EPSS 0.21%
  • Veröffentlicht 07.03.2026 16:36:45
  • Zuletzt bearbeitet 09.03.2026 17:35:41

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system ...

6.5

CVE-2026-30859

  • EPSS 0.05%
  • Veröffentlicht 07.03.2026 16:35:30
  • Zuletzt bearbeitet 09.03.2026 17:35:20

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belo...

7.5

CVE-2026-30858

Exploit
  • EPSS 0.11%
  • Veröffentlicht 07.03.2026 16:34:28
  • Zuletzt bearbeitet 09.03.2026 17:34:39

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access in...

5.3

CVE-2026-30857

Exploit
  • EPSS 0.04%
  • Veröffentlicht 07.03.2026 16:33:45
  • Zuletzt bearbeitet 09.03.2026 17:34:19

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone (duplicate) an...

7.6

CVE-2026-30856

Exploit
  • EPSS 0.02%
  • Veröffentlicht 07.03.2026 16:32:44
  • Zuletzt bearbeitet 13.04.2026 14:43:36

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack t...

8.8

CVE-2026-30855

Exploit
  • EPSS 0.15%
  • Veröffentlicht 07.03.2026 16:31:10
  • Zuletzt bearbeitet 09.03.2026 17:33:08

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, ...

7.5

CVE-2026-30247

Exploit
  • EPSS 0.02%
  • Veröffentlicht 07.03.2026 03:33:27
  • Zuletzt bearbeitet 11.03.2026 19:22:24

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirec...

8.8

CVE-2026-22688

Exploit
  • EPSS 0.4%
  • Veröffentlicht 10.01.2026 03:41:59
  • Zuletzt bearbeitet 22.01.2026 14:39:17

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio...

9.8

CVE-2026-22687

Exploit
  • EPSS 0.03%
  • Veröffentlicht 10.01.2026 03:41:43
  • Zuletzt bearbeitet 06.03.2026 15:16:09

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validat...