VYPR

Opensift

by Openshift

CVEs (9)

  • CVE-2026-28677 | Mar 6, 2026
    risk 0.00 | cvss | epss 0.00

    OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/local host checks…

  • CVE-2026-28676 | Mar 6, 2026
    risk 0.00 | cvss | epss 0.00

    OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection…

  • CVE-2026-28675 | Mar 6, 2026
    risk 0.00 | cvss | epss 0.00

    OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token…

  • CVE-2026-27189 | Feb 21, 2026
    risk 0.00 | cvss | epss 0.00

    OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or…

  • CVE-2026-27170 | Feb 20, 2026
    risk 0.00 | cvss | epss 0.00

    OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing…

  • CVE-2026-27169 | Feb 20, 2026
    risk 0.00 | cvss | epss 0.00

    OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can…

  • CVE-2024-50311 | Oct 22, 2024
    risk 0.00 | cvss | epss 0.01

    A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing…

  • CVE-2014-0163 | Dec 11, 2019
    risk 0.00 | cvss | epss 0.02

    Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.

  • CVE-2014-0023 | Nov 15, 2019
    risk 0.00 | cvss | epss 0.00

    OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution