Lucene search
+L

11 matches found

Github Security Blog
Github Security Blog
added 2026/07/06 9:22 p.m.7 views

Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection direct user input or indirect content the agent reads back via RAG, so an attacker who can...

9.8CVSS5.9AI score0.00461EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/07/06 9:22 p.m.7 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the Neo4jChatAgent process. An attacker can gain unauthorized access to all gra...

9.2CVSS6.2AI score0.00461EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-41274

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that ar...

9.8CVSS5.9AI score0.00504EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/23 9:12 p.m.8 views

EUVD-2026-25313

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that ar...

9.3CVSS6.1AI score0.00504EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/16 9:54 p.m.11 views

Flowise: Cypher Injection in GraphCypherQAChain

Summary The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletio...

9.8CVSS6.2AI score0.00504EPSS
Exploits1References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.6 views

PT-2026-6724

Name of the Vulnerable Software and Affected Versions Neo4j versions prior to 2026.01 Description A lack of proper unicode character escaping in the query log functionality can result in cross-site scripting XSS if logs are opened in a tool that interprets them as HTML. The issue is present in bo...

5.4CVSS5AI score0.00207EPSS
Exploits2References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-0611

Malware in sbrugna...

9.8CVSS9.3AI score0.0192EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-2059

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.01038EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2024/09/28 5:11 p.m.138 views

Exploit for SQL Injection in Langchain

Proof of Concept for Langchain CVE-2024–8309 Vulnerability...

9.8CVSS8.6AI score0.13803EPSS
Exploits2
Kitploit
Kitploit
added 2022/11/17 11:30 a.m.32 views

nuvola - Tool To Dump And Perform Automatic And Manual Security Analysis On Aws Environments Configurations And Services

nuvola with the lowercase n is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax. The general idea behind this project is to create an abstracted digita...

7.5AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/03/01 2:15 a.m.4 views

CVE-2021-42767

A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1...

9.1CVSS7.3AI score0.01505EPSS
Exploits0References3
Rows per page
Query Builder