2348 matches found
CVE-2026-41274 Flowise: Cypher Injection in GraphCypherQAChain
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that ar...
PySpector 安全漏洞
PySpector is a high-performance Python static security analysis framework based on graphs, developed by Tommaso Bona. Versions of PySpector prior to 0.1.8 contained security vulnerabilities. These vulnerabilities stemmed from an incomplete blacklist of plugin security validators, which could allo...
FixV2W: Correcting Invalid CVE-CWE Mappings with Knowledge Graph Embeddings
Accurate mapping between Common Vulnerabilities and Exposures CVE and Common Weakness Enumeration CWE entries is critical for effective vulnerability management and risk assessment. However, public databases, such as the National Vulnerability Database NVD, suffer from inconsistent and incomplete...
FreeBSD : Gitlab -- vulnerabilities (73b927a6-3ecd-11f1-be20-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 73b927a6-3ecd-11f1-be20-2cf05da270f3 advisory. Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab...
uutils coreutils has an Incorrect Provision of Specified Functionality Issue
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...
EUVD-2026-25034
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...
GHSA-FHR3-XH3Q-69W6 uutils coreutils has an Incorrect Provision of Specified Functionality Issue
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...
EUVD-2025-209551
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient...
CVE-2026-35379
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...
CVE-2025-3922
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient...
CVE-2026-4922
CVE-2026-4922 : GitLab CE/EE contains a CSRF-related issue that could allow an unauthenticated user to execute GraphQL mutations on behalf of authenticated users. Affected versions: 17.0 up to before 18.9.6, 18.10 up to before 18.10.4, and 18.11 up to before 18.11.1. Root cause: insufficient CSRF...
CVE-2026-35379 uutils coreutils tr Local Logic Error and Data Integrity Issue in Character Class Handling
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...
CVE-2026-35379
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...
CVE-2026-35379 uutils coreutils tr Local Logic Error and Data Integrity Issue in Character Class Handling
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...
CVE-2026-35379
Affected product and component: uutils coreutils’ tr utility. Root cause: logic error causes mis-definition of character classes [:graph:] and [:print:], inadvertently including ASCII space (0x20) in [:graph:] while excluding it from [:print:], reversing standard POSIX/GNU behavior. Impact: can l...
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. "The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control C2 channel, allowing...
engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection
Summary The local HTTP server started by engram server binding 127.0.0.1:7337 by default was exposed to any browser origin with no authentication unless ENGRAMAPITOKEN was explicitly set. Combined with Access-Control-Allow-Origin: on every response and a body parser that did not require...
GHSA-2R2P-4CGF-HV7H engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection
Summary The local HTTP server started by engram server binding 127.0.0.1:7337 by default was exposed to any browser origin with no authentication unless ENGRAMAPITOKEN was explicitly set. Combined with Access-Control-Allow-Origin: on every response and a body parser that did not require...
GitLab CE/EE 跨站请求伪造漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.9.6, 18.10.4, and 18.11.1 had a...
Statamic 安全漏洞
Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.20 and 6.13.0, which stemmed from insufficient...