16 matches found
Deserialization of Untrusted Data
Overview langchain is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Deserialization of Untrusted Data when fetching and processing prompt manifests from external sources. An attacker can execute arbitrary code or manipulate application...
PYSEC-2026-86
LlamaIndex run-llama/llamaindex versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The customquery logic generates SQL statements from a user-supplied prompt and executes them via vn.runsql without...
CVE-2024-58339 LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion
LlamaIndex run-llama/llamaindex versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The customquery logic generates SQL statements from a user-supplied prompt and executes them via vn.runsql without...
CVE-2024-58339 LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion
LlamaIndex run-llama/llamaindex versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The customquery logic generates SQL statements from a user-supplied prompt and executes them via vn.runsql without...
PT-2026-2318
Name of the Vulnerable Software and Affected Versions LlamaIndex versions up to and including 0.12.2 Description LlamaIndex versions up to and including 0.12.2 have an issue where resource consumption is not properly controlled in the VannaPack VannaQueryEngine implementation. The custom query...
Arbitrary SQL Execution
Neuron is vulnerable to arbitrary SQL execution. The vulnerability is due to the MySQLWriteTool executing caller‑provided SQL using PDO::prepare and execute without semantic restrictions, where an attacker can inject destructive statements such as DROP TABLE, TRUNCATE, DELETE, or ALTER via...
EUVD-2025-202170
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...
CVE-2025-67510 MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...
CVE-2025-67510
Neuron is a PHP framework for AI Agents. Versions 2.8.11 and earlier have a vulnerability in the MySQLWriteTool that can execute arbitrary SQL provided by the caller via PDO::prepare() and execute(), without semantic restrictions. In an LLM/agent context this enables prompt injection or indirect ...
GHSA-898V-775G-777C Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Impact MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause...
Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Impact MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause...
EUVD-2025-7051
Malicious code in bioql PyPI...
CVE-2024-10954
In the manim plugin of binary-husky/gptacademic, versions prior to the fix, a vulnerability exists due to improper handling of user-provided prompts. The root cause is the execution of untrusted code generated by the LLM without a proper sandbox. This allows an attacker to perform remote code...
CVE-2024-10954
CVE-2024-10954 affects the binary-husky/gpt_academic project’s manim plugin. The root cause is improper handling of user-provided prompts, leading to execution of untrusted code generated by the LLM without a sandbox. This enables remote code execution on the app backend when a malicious prompt i...
GPT Academic 命令注入漏洞
GPT Academic is an interface that provides pragmatic interactions for LLM grand language models such as GPT/GLM. GPT Academic suffers from a command injection vulnerability that stems from improper handling of user-supplied prompts in the manim plugin, which can be exploited by an attacker to cau...
UBUNTU-CVE-2014-1584
The Public Key Pinning PKP implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to...