Lucene search
K

30 matches found

EUVD
EUVD
added 4 days ago8 views

EUVD-2026-41677

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function getconversationhistory of the file 08agenticsystem/memory/langchain/code/smartcustomerservice.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1CVSS4.9AI score0.0016EPSS
Exploits0References7
CVE
CVE
added 4 days ago17 views

CVE-2026-14630

ForceInjection AI-fundermentals 2.0/3.0 contains a vulnerability in the Memory Recall Handler: get_conversation_history (08_agentic_system/memory/langchain/code/smart_customer_service.py). The issue involves use of a weak hash, with remote exploitation possible but described as high complexity. E...

3.1CVSS4.9AI score0.0016EPSS
Exploits0References7
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-14630 ForceInjection AI-fundermentals Memory Recall smart_customer_service.py get_conversation_history weak hash

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function getconversationhistory of the file 08agenticsystem/memory/langchain/code/smartcustomerservice.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1CVSS0.0016EPSS
Exploits0References7
NVD
NVD
added 2026/06/18 11:16 p.m.14 views

CVE-2026-56077

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...

7.1CVSS0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.11 views

PT-2026-50808

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.115 Description An information disclosure issue exists in the MultiAgentLedger component. The system fails to enforce the uniqueness of agent IDs, allowing attackers to register agents with duplicate IDs. This...

7.1CVSS5.9AI score0.00256EPSS
Exploits0References9
NVD
NVD
added 2026/06/17 7:18 p.m.12 views

CVE-2026-53870

Hermes Agent before 0.16.0 creates responsestore.db and webhooksubscriptions.json with world-readable permissions mode 0o644, exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including...

6.8CVSS0.00108EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/16 1:57 a.m.19 views

CVE-2026-44504

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

8.6CVSS6AI score0.00285EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/03/27 8:7 a.m.8 views

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are used to build...

9.8CVSS6.2AI score0.99972EPSS
Exploits60
Malwarebytes
Malwarebytes
added 2026/01/28 2:34 p.m.6 views

Malicious Chrome extensions can spy on your ChatGPT chats

Researchers discovered 16 malicious browser extensions for Google Chrome and Microsoft Edge that steal ChatGPT session tokens, giving attackers access to accounts, including conversation history and metadata. The 16 malicious extensions 15 for Chrome and 1 for Edge claim to improve and optimize...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/01/16 4:43 p.m.4 views

Malicious Package

Overview sd-conversation-history-module-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2026/01/16 12:10 a.m.6 views

EUVD-2026-3055

Malicious code in sd-conversation-history-module-client npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/16 12:10 a.m.7 views

Malicious code in sd-conversation-history-module-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30c335176b96214a0cf97acfa97156cd4216c1aa6e764167f49cef0eaa89cc72 The package sd-conversation-history-module-client was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
OSV
OSV
added 2026/01/16 12:10 a.m.7 views

MAL-2026-307 Malicious code in sd-conversation-history-module-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30c335176b96214a0cf97acfa97156cd4216c1aa6e764167f49cef0eaa89cc72 The package sd-conversation-history-module-client was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/11/07 12:0 a.m.57 views

When AI Meets the Web: Prompt Injection Risks in Third-Party AI Chatbot Plugins

Prompt injection attacks pose a critical threat to large language models LLMs, with prior work focusing on cutting-edge LLM applications like personal copilots. In contrast, simpler LLM applications, such as customer service chatbots, are widespread on the web, yet their security posture and...

7.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/10/10 1:32 a.m.12 views

CVE-2025-5009

In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable public link that contained the entire conversation history and not just the snippet...

1CVSS6.8AI score0.00119EPSS
Exploits0References1
NVD
NVD
added 2025/10/08 4:15 p.m.8 views

CVE-2025-5009

In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable public link that contained the entire conversation history and not just the snippet...

1CVSS0.00119EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/08 3:31 p.m.8 views

CVE-2025-5009 Information Disclosure in Gemini iOS App

In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable public link that contained the entire conversation history and not just the snippet...

1CVSS0.00119EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/08 3:31 p.m.3 views

CVE-2025-5009 Information Disclosure in Gemini iOS App

In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable public link that contained the entire conversation history and not just the snippet...

1CVSS6.5AI score0.00119EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.5 views

Google Gemini iOS 安全漏洞

Google Gemini iOS is an AI-assisted tools app from Google, Inc. in the United States. Google Gemini iOS suffers from a security vulnerability that originates from the generation of public links containing the full conversation history when sharing conversation snippets, which could lead to...

1CVSS6.2AI score0.00119EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7066

Malicious code in bioql PyPI...

7.6CVSS7.7AI score0.00326EPSS
Exploits1References2
Rows per page
Query Builder