8 matches found
CVE-2026-41274
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that ar...
CVE-2026-42156
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...
Flowise Security Vulnerability
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, up to 3.1.0, contained a security vulnerability. This vulnerability stemmed from the GraphCypherQAChain node directly passing user inputs into the Cypher query executio...
CVE-2026-35402
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...
CVE-2026-35402
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...
PT-2026-33508
Name of the Vulnerable Software and Affected Versions: mcp-neo4j-cypher versions prior to 0.6.0. Description: The read only mode enforcement can be bypassed using APOC CALL procedures. This may allow unauthorized write operations or server-side request forgery, which is a technique where an attacker...
Improper Neutralization of Special Elements in Data Query Logic
Overview: graphiti-core is a temporal graph building library. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the SearchFilters.nodelabels process. An attacker can execute arbitrary Cypher queries within the privileges of th...
Cypheroth - Automated, Extensible Toolset That Runs Cypher Queries Against Bloodhound's Neo4j Backend And Saves Output To Spreadsheets
Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets. Description: This is a bash script that automates running cypher queries against Bloodhound data stored in a Neo4j database. I found myself re-running the same queries throug...