Lucene search
K

74 matches found

NVD
NVD
added 4 days ago10 views

CVE-2026-46591

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

8.2CVSS0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-46591 Apache Camel: Camel-Neo4j: JSON property names from the CamelNeo4jMatchProperties header are interpolated into the Cypher WHERE clause without validation, allowing Cypher injection (incomplete remediation of CVE-2025-66169)

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

0.00329EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 4 days ago8 views

CVE-2026-46591 Apache Camel: Camel-Neo4j: JSON property names from the CamelNeo4jMatchProperties header are interpolated into the Cypher WHERE clause without validation, allowing Cypher injection (incomplete remediation of CVE-2025-66169)

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

6.1AI score0.00613EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41835

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

8.2CVSS6.1AI score0.00329EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-46591

Summary: CVE-2026-46591 affects Apache Camel’s Neo4j component. The vulnerability arises from interpolating JSON keys of the CamelNeo4jMatchProperties header into the Cypher WHERE clause, allowing Cypher injection when untrusted input populates the map. This could enable reading, modifying, or de...

8.2CVSS6.1AI score0.00329EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-55896

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.10.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description An issue exists in the Apache Camel Neo4J component where the producer builds the Cypher WHERE clau...

8.2CVSS6AI score0.00329EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.15 views

CVE-2026-33566

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

5.1CVSS5.8AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 11:0 p.m.65 views

CVE-2026-42156 Flowsint: Cypher query injection in node type on node creation

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

7.1CVSS0.00285EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 11:0 p.m.35 views

CVE-2026-42156

Summary : CVE-2026-42156 affects Flowsint, an open-source OSINT graph exploration tool. Before version 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query, enabling execution of arbitrary Cypher queries. The issue is fixed in 1.2.3. Impact and...

7.1CVSS6AI score0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 11:0 p.m.10 views

CVE-2026-42156 Flowsint: Cypher query injection in node type on node creation

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

7.1CVSS6AI score0.00285EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/29 9:16 p.m.70 views

Exploit for Improper Neutralization of Special Elements in Data Query Logic in Getzep Graphiti

CVE-2026-32247 — Cypher Injection in graphiti-core via unsanit...

8.1CVSS5.9AI score0.00344EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/04/29 9:6 p.m.121 views

security-advisories

Security Advisories Public write-ups and PoCs for CVEs I've d...

8.8CVSS5.4AI score0.00448EPSS
Exploits7
NVD
NVD
added 2026/04/27 12:16 a.m.5 views

CVE-2026-33566

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

5.1CVSS0.00177EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/27 12:4 a.m.37 views

CVE-2026-33566

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

5.1CVSS0.00177EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/27 12:4 a.m.9 views

CVE-2026-33566

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

5.1CVSS5.2AI score0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/27 12:4 a.m.8 views

EUVD-2026-25742

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

5.1CVSS5.6AI score0.00177EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/27 12:4 a.m.4 views

CVE-2026-33566

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

5.1CVSS5.2AI score0.00177EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.8 views

PT-2026-35276

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

5.1CVSS5.6AI score0.00177EPSS
Exploits0References3
NVD
NVD
added 2026/04/23 10:16 p.m.9 views

CVE-2026-41274

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that ar...

9.8CVSS0.00504EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/23 9:12 p.m.34 views

CVE-2026-41274 Flowise: Cypher Injection in GraphCypherQAChain

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that ar...

9.3CVSS0.00504EPSS
Exploits1References1
Rows per page
Query Builder