Lucene search
K

178 matches found

EUVD
EUVD
added 2026/04/17 9:30 p.m.6 views

EUVD-2026-23518

Neo4j Labs MCP Servers: SSRF and Data Modification via readonly Mode Bypass Through CALL Procedures...

2.3CVSS5.7AI score0.00264EPSS
Exploits0References2
NVD
NVD
added 2026/04/17 9:16 p.m.8 views

CVE-2026-35402

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS0.00264EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/17 8:34 p.m.28 views

CVE-2026-35402 mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS0.00264EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 8:34 p.m.6 views

CVE-2026-35402 mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS5.7AI score0.00264EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:34 p.m.4 views

CVE-2026-35402

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS5.7AI score0.00264EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/17 8:34 p.m.26 views

CVE-2026-35402

The CVE concerns mcp-neo4j-cypher (MCP server) where, in versions before 0.6.0, enforcement of read_only mode can be bypassed via APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This is mitigated by upgrading to version 0.6.0, which fixes t...

2.3CVSS5.7AI score0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.17 views

PT-2026-33508

Name of the Vulnerable Software and Affected Versions mcp-neo4j-cypher versions prior to 0.6.0 Description The read only mode enforcement can be bypassed using APOC CALL procedures. This may allow unauthorized write operations or server-side request forgery, which is a technique where an attacker...

2.3CVSS5.2AI score0.00264EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/16 9:54 p.m.10 views

Improper Neutralization of Special Elements in Data Query Logic

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic through the GraphCypherQAChain request handling and graph.query execution path in GraphCypherQAChain.ts. An attacker can force...

9.8CVSS5.9AI score0.00504EPSS
Exploits1References2
OSV
OSV
added 2026/04/16 9:54 p.m.6 views

GHSA-28G4-38Q8-3CWC Flowise: Cypher Injection in GraphCypherQAChain

Summary The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletio...

8.7CVSS6.2AI score0.00504EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/16 9:54 p.m.9 views

Flowise: Cypher Injection in GraphCypherQAChain

Summary The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletio...

9.8CVSS6.2AI score0.00504EPSS
Exploits1References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.7 views

PT-2026-34755

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. This allows an attacker to inject arbitrary Cypher commands tha...

9.8CVSS6AI score0.00504EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.4 views

Spring AI 1.0.x < 1.0.5 / 1.1.x < 1.1.4 Multiple Vulnerabilities

The version of Spring AI installed on the remote host is 1.0.x prior to 1.0.5 or 1.1.x prior to 1.1.4. It is, therefore, affected by multiple vulnerabilities, including: - A SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A...

9.8CVSS6.2AI score0.00821EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/28 10:51 a.m.5 views

CVE-2026-22743

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 6:31 a.m.4 views

GHSA-7CJ7-RCW6-P68V Spring AI has a Cypher Injection vulnerability in Neo4jVectorFilterExpressionConverter

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/27 6:31 a.m.7 views

EUVD-2026-16539

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/27 6:31 a.m.8 views

Spring AI has a Cypher Injection vulnerability in Neo4jVectorFilterExpressionConverter

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/27 6:16 a.m.11 views

CVE-2026-22743

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/27 5:33 a.m.4 views

CVE-2026-22743 Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 5:33 a.m.27 views

CVE-2026-22743 Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS0.0025EPSS
Exploits0References1
CVE
CVE
added 2026/03/27 5:33 a.m.40 views

CVE-2026-22743

CVE-2026-22743 affects Spring AI’s spring-ai-neo4j-store, specifically the Cypher injection in the Neo4jVectorFilterExpressionConverter. A user-controlled string used as a filter expression key is embedded into a backtick-delimited Cypher property accessor (node.metadata.) after stripping only do...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder