Lucene search
K

10 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-55615

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...

9.2CVSS6.1AI score0.00461EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/07/06 9:22 p.m.6 views

Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection direct user input or indirect content the agent reads back via RAG, so an attacker who can...

9.8CVSS5.9AI score0.00461EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-41274

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that ar...

9.8CVSS5.9AI score0.00504EPSS
Exploits1References1
NVD
NVD
added 2026/05/12 11:16 p.m.25 views

CVE-2026-42156

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

7.1CVSS0.00285EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.13 views

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, up to 3.1.0, contained a security vulnerability. This vulnerability stemmed from the GraphCypherQAChain node directly passing user inputs into the Cypher query executio...

9.8CVSS6AI score0.00504EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.7 views

CVE-2026-35402

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS5.7AI score0.00264EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:34 p.m.4 views

CVE-2026-35402

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS5.7AI score0.00264EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.17 views

PT-2026-33508

Name of the Vulnerable Software and Affected Versions mcp-neo4j-cypher versions prior to 0.6.0 Description The read only mode enforcement can be bypassed using APOC CALL procedures. This may allow unauthorized write operations or server-side request forgery, which is a technique where an attacker...

2.3CVSS5.2AI score0.00264EPSS
Exploits0References7
Snyk
Snyk
added 2026/03/12 5:26 p.m.2 views

Improper Neutralization of Special Elements in Data Query Logic

Overview graphiti-core is an A temporal graph building library Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the SearchFilters.nodelabels process. An attacker can execute arbitrary Cypher queries within the privileges of th...

8.6CVSS6AI score0.00344EPSS
Exploits2References2
Kitploit
Kitploit
added 2021/04/19 12:30 p.m.261 views

Cypheroth - Automated, Extensible Toolset That Runs Cypher Queries Against Bloodhound's Neo4j Backend And Saves Output To Spreadsheets

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets. Description This is a bash script that automates running cypher queries against Bloodhound data stored in a Neo4j database. I found myself re-running the same queries throug...

6.9AI score
Exploits0References5
Rows per page
Query Builder