Metrics
Affected Vendors & Products
Tue, 07 Oct 2025 18:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| CPEs | cpe:2.3:a:tencent:weknora:0.1.0:*:*:*:*:*:*:* | 
Mon, 29 Sep 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Mon, 29 Sep 2025 09:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Tencent Tencent weknora | |
| Vendors & Products | Tencent Tencent weknora | 
Fri, 26 Sep 2025 21:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. It is advisable to upgrade the affected component. The vendor responds: "We have confirmed that the issue mentioned in the report does not exist in the latest releases". | |
| Title | Tencent WeKnora test testEmbeddingModel server-side request forgery | |
| Weaknesses | CWE-918 | |
| References |  | |
| Metrics | cvssV2_0 
 
 
 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: VulDB
Published: 2025-09-26T21:02:05.829Z
Updated: 2025-09-29T15:16:39.821Z
Reserved: 2025-09-26T09:31:28.213Z
Link: CVE-2025-11046
 Vulnrichment
                        Vulnrichment
                    Updated: 2025-09-29T15:16:30.367Z
 NVD
                        NVD
                    Status : Analyzed
Published: 2025-09-26T21:15:35.163
Modified: 2025-10-07T18:29:49.790
Link: CVE-2025-11046
 Redhat
                        Redhat
                    No data.