Lucene search
K

179 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-55615

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...

9.2CVSS6.1AI score0.00461EPSS
Exploits0References3Affected Software1
CVE
CVE
added 5 days ago24 views

CVE-2026-55615

Langroid CVE-2026-55615 affects the Neo4jChatAgent path, where LLM-generated Cypher queries are sent unvalidated to the Neo4j driver prior to version 0.65.5. Connected docs describe a prompt-injection risk enabling read/write/destroy of graph data and, with APOC or dbms.security, potential OS com...

9.2CVSS6AI score0.00461EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-55615 Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...

9.2CVSS0.00461EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/06 9:22 p.m.6 views

Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection direct user input or indirect content the agent reads back via RAG, so an attacker who can...

9.8CVSS5.9AI score0.00461EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/06 9:16 a.m.10 views

CVE-2026-46591

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

8.2CVSS0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 8:4 a.m.31 views

CVE-2026-46591 Apache Camel: Camel-Neo4j: JSON property names from the CamelNeo4jMatchProperties header are interpolated into the Cypher WHERE clause without validation, allowing Cypher injection (incomplete remediation of CVE-2025-66169)

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

0.00329EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/06 8:4 a.m.8 views

CVE-2026-46591 Apache Camel: Camel-Neo4j: JSON property names from the CamelNeo4jMatchProperties header are interpolated into the Cypher WHERE clause without validation, allowing Cypher injection (incomplete remediation of CVE-2025-66169)

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

6.1AI score0.00613EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:4 a.m.7 views

EUVD-2026-41835

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

8.2CVSS6.1AI score0.00329EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:4 a.m.11 views

CVE-2026-46591

Summary: CVE-2026-46591 affects Apache Camel’s Neo4j component. The vulnerability arises from interpolating JSON keys of the CamelNeo4jMatchProperties header into the Cypher WHERE clause, allowing Cypher injection when untrusted input populates the map. This could enable reading, modifying, or de...

8.2CVSS6.1AI score0.00329EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:4 a.m.6 views

CVE-2026-46591

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

6.1AI score0.00329EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-56085

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.5 Description Neo4jChatAgent passes LLM-generated Cypher queries directly to the Neo4j driver without validation, a statement-type allowlist, or an opt-out gate. Because the query text can be influenced by promp...

9.2CVSS6AI score0.00461EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-55896

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.10.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description An issue exists in the Apache Camel Neo4J component where the producer builds the Cypher WHERE clau...

8.2CVSS6AI score0.00329EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.21 views

CVE-2026-33566

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

5.1CVSS5.8AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-41274

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that ar...

9.8CVSS5.9AI score0.00504EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42156

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

7.1CVSS5.7AI score0.00285EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 11:16 p.m.25 views

CVE-2026-42156

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

7.1CVSS0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 11:0 p.m.10 views

CVE-2026-42156 Flowsint: Cypher query injection in node type on node creation

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

7.1CVSS6AI score0.00285EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 11:0 p.m.5 views

CVE-2026-42156

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

7.1CVSS6AI score0.00285EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/12 11:0 p.m.8 views

EUVD-2026-29873

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

7.1CVSS6AI score0.00285EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 11:0 p.m.35 views

CVE-2026-42156

Summary : CVE-2026-42156 affects Flowsint, an open-source OSINT graph exploration tool. Before version 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query, enabling execution of arbitrary Cypher queries. The issue is fixed in 1.2.3. Impact and...

7.1CVSS6AI score0.00285EPSS
Exploits0References1
Rows per page
Query Builder