Opensift
by Openshift
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28677 | | | 0.00 | — | 0.00 | | Mar 6, 2026 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/local host checks… |
| CVE-2026-28676 | | | 0.00 | — | 0.00 | | Mar 6, 2026 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection… |
| CVE-2026-28675 | | | 0.00 | — | 0.00 | | Mar 6, 2026 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token… |
| CVE-2026-27189 | | | 0.00 | — | 0.00 | | Feb 21, 2026 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or… |
| CVE-2026-27170 | | | 0.00 | — | 0.00 | | Feb 20, 2026 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing… |
| CVE-2026-27169 | | | 0.00 | — | 0.00 | | Feb 20, 2026 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can… |
| CVE-2024-50311 | | | 0.00 | — | 0.01 | | Oct 22, 2024 | A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing… |
| CVE-2014-0163 | | | 0.00 | — | 0.02 | | Dec 11, 2019 | Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. |
| CVE-2014-0023 | | | 0.00 | — | 0.00 | | Nov 15, 2019 | OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution |