Lucene search
K

955 matches found

CVE
CVE
added 2026/06/29 2:4 p.m.30 views

CVE-2026-55607

CVE-2026-55607 affects Claude Code 2.1.38–2.1.163; worktree handling allowed creation of ".git" worktrees and navigation outside the sandbox, enabling git directory confusion. Exploit via symlink manipulation and git fsmonitor during worktree operations could overwrite home-dir files (e.g., .zshe...

8.8CVSS6.3AI score0.0071EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-303 CAI find_file Agent Tool has Command Injection Vulnerability Through Argument Injection

Summary The CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with shell=True, allowing attackers to execute arbitrary commands on the host system. Vulnerable...

9.6CVSS6.2AI score0.008EPSS
Exploits3References7
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-382 Langroid has Prompt to SQL Injection, Leading to RCE

Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid Affected Scope langroid @localhost:5432/postgres" Create SQL Chat Agent config = SQLChatAgentConfig databaseuri=DATABASEURI, llm=OpenAIGPTConfig apibase=os.getenv...

9.8CVSS6.8AI score0.00409EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-372 Langchain SQL Injection vulnerability

In Langchain before 0.0.247, prompt injection allows execution of arbitrary code against the SQL service provided by the chain...

9.8CVSS6.2AI score
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-562 vanna vulnerable to remote code execution caused by prompt injection

In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...

9.8CVSS7.8AI score0.00875EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-561 Vanna prompt injection code execution

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

9.2CVSS7.9AI score0.14956EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.10 views

PYSEC-2026-397 llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution

A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

9.8CVSS7.6AI score0.00951EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-448 PandasAI interactive prompt function Remote Code Execution (RCE)

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...

9.8CVSS6.5AI score0.0122EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.20 views

PT-2026-52680

Name of the Vulnerable Software and Affected Versions Claude Code affected versions not specified Description A prompt injection flaw allows for a full sandbox escape, leading to arbitrary code execution on the host system. This issue persists even when the software is configured with read-only...

8.8CVSS6.5AI score0.0071EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:21 p.m.7 views

Malicious code in unsafe-malicious-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3579cb796e48f446b07e2dbbce2e301d1a3e87d8a9a35ed1dbe825fc53f29da9 On npm install, the package's postinstall lifecycle script scripts/postinstall.js reads the installer's AWS credentials file at /.aws/credentials and...

5.8AI score
Exploits0References9
OSV
OSV
added 2026/06/25 10:21 p.m.7 views

MAL-2026-6486 Malicious code in unsafe-malicious-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3579cb796e48f446b07e2dbbce2e301d1a3e87d8a9a35ed1dbe825fc53f29da9 On npm install, the package's postinstall lifecycle script scripts/postinstall.js reads the installer's AWS credentials file at /.aws/credentials and...

5.8AI score
Exploits0References9
NVD
NVD
added 2026/06/23 6:18 p.m.17 views

CVE-2026-54009

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the...

6.5CVSS0.00225EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 3:36 p.m.18 views

CVE-2026-56696

CVE-2026-56696 affects OpenHarness; the /issue and /pr_comments slash commands lack remote_invocable=False protection. This allows remote attackers to write attacker-controlled Markdown into project context files (.openharness/issue.md and .openharness/pr_comments.md). The injected content is sub...

5.4CVSS6AI score0.00216EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 2:16 p.m.13 views

CVE-2025-66389

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...

7.5CVSS0.00853EPSS
Exploits1References3
CVE
CVE
added 2026/06/22 12:0 a.m.23 views

CVE-2025-66389

GitHub Copilot 1.372.0 is affected. The flaw allows filesystem access outside the workspace folder via a file-handler URI parameter to fetch_webpage, without user approval. This could enable exfiltration if an indirect prompt injection occurs. The CVSS 3.1 base score is 7.5 (HIGH) with network at...

7.5CVSS5.9AI score0.00853EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51297

Name of the Vulnerable Software and Affected Versions GitHub Copilot version 1.372.0 Description An issue exists where the software allows filesystem access outside of a workspace folder without user approval. This occurs via a file-handler URI parameter used in the fetch webpage function. This...

7.5CVSS5.8AI score0.00853EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/22 12:0 a.m.6 views

EUVD-2025-210298

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...

7.5CVSS5.9AI score0.00853EPSS
Exploits1References3
NVD
NVD
added 2026/06/20 4:17 p.m.10 views

CVE-2024-58351

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction API. Because this feature is enabled by default with no allow-list of permitted variables and relie...

9.8CVSS0.00648EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 3:21 p.m.28 views

CVE-2024-58351 Flowise - Remote Code Execution via overrideConfig Parameter

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction API. Because this feature is enabled by default with no allow-list of permitted variables and relie...

9.8CVSS0.00648EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:21 p.m.7 views

EUVD-2024-55642

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction API. Because this feature is enabled by default with no allow-list of permitted variables and relie...

9.8CVSS6.5AI score0.00648EPSS
Exploits0References2
Rows per page
Query Builder