16 matches found

RedhatCVE
added 2 days ago | 9 views

CVE-2026-10105

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...

CVSS 8.7 | AI score 6 | EPSS 0.00031
Exploits 0 | References 1
ATTACKERKB
added 6 days ago | 3 views

CVE-2026-10105

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...

CVSS 8.7 | AI score 6 | EPSS 0.00031
Exploits 0 | References 6
EUVD
added 6 days ago | 6 views

EUVD-2026-33358

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...

CVSS 8.7 | AI score 6 | EPSS 0.00031
Exploits 0 | References 5
RedhatCVE
added 2026/04/13 2:55 p.m. | 2 views

CVE-2026-40087

A flaw was found in LangChain. A missing validation of f-string prompt templates in some classes, specifically in DictPromptTemplate and ImagePromptTemplate, can cause the evaluation of attribute access or indexing expressions during template formatting. Also, f-string validation based on parsed...

CVSS 5.3 | AI score 5.8 | EPSS 0.00055
Exploits 0 | References 10
EUVD
added 2026/04/09 7:34 p.m. | 2 views

EUVD-2026-21063

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

CVSS 5.3 | AI score 5.9 | EPSS 0.00055
Exploits 0 | References 7
ATTACKERKB
added 2026/04/09 7:34 p.m. | 1 view

CVE-2026-40087

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

CVSS 5.3 | AI score 5.9 | EPSS 0.00055
Exploits 0 | References 8 | Affected Software 1
Vulnrichment
added 2026/04/09 7:34 p.m. | 1 view

CVE-2026-40087 LangChain has incomplete f-string validation in prompt templates

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

CVSS 5.3 | AI score 5.8 | EPSS 0.00055
Exploits 0 | References 7
CVE
added 2026/04/09 7:34 p.m. | 6 views

CVE-2026-40087

LangChain CVE-2026-40087 affects the f-string prompt-template validation prior to versions 0.3.84 and 1.2.28. The vulnerability arises because DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and evaluate them during formatting,...

CVSS 5.3 | AI score 5.9 | EPSS 0.00055
Exploits 0 | References 7 | Affected Software 1
CNNVD
added 2026/04/09 12:00 a.m. | 3 views

LangChain security vulnerability

LangChain is an open-source framework developed by LangChain for creating applications powered by large language models (LLMs). Versions of LangChain prior to 0.3.84 and 1.2.28 contained security vulnerabilities. These vulnerabilities stemmed from incomplete validation of f-string template fields,...

CVSS 5.3 | AI score 5.8 | EPSS 0.00055
Exploits 0 | References 7
Positive Technologies
added 2026/04/09 12:00 a.m. | 1 view

PT-2026-31716

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

CVSS 5.3 | AI score 5.9 | EPSS 0.00055
Exploits 0 | References 8
OSV
added 2026/04/08 9:51 p.m. | 2 views

GHSA-926X-3R5X-GFHW LangChain has incomplete f-string validation in prompt templates

LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate...

CVSS 5.3 | AI score 5.9 | EPSS 0.00055
Exploits 0 | References 9
GithubExploit
added 2026/02/28 7:32 a.m. | 133 views

SSTI-Exploit-Lab

Server-Side Template Injection SSTI to RCE Lab 🎯 Executi...

AI score 6.1
Exploits 0
CNNVD
added 2025/12/02 12:00 a.m. | 1 view

Lookyloo cross-site scripting vulnerability

Lookyloo is an open-source website capture tool. A cross-site scripting vulnerability exists in Lookyloo versions prior to 1.35.3, which stems from the insecure use of an f-string in Markup and could lead to cross-site scripting attacks...

CVSS 6.1 | AI score 5.9 | EPSS 0.00025
Exploits 0 | References 3
Snyk
added 2024/12/23 5:54 p.m. | 1 view

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization when importing a macro in a template whose filename is also a template. This will result in a `SyntaxError: f-string: invalid syntax` error message because the filename is not properly escaped, indicating that it i...

CVSS 8.8 | AI score 6.9 | EPSS 0.00573
Exploits 0 | References 2
NVD
added 2024/05/16 9:15 a.m. | 10 views

CVE-2024-3126

A command injection vulnerability exists in the 'runxttsapiserver' function of the parisneo/lollms-webui application, specifically within the 'lollmsxtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utiliz...

CVSS 8.4 | AI score 8.8 | EPSS 0.02019
Exploits 1 | References 2
Cvelist
added 2024/05/16 9:03 a.m. | 11 views

CVE-2024-3126 Command Injection in parisneo/lollms-webui

A command injection vulnerability exists in the 'runxttsapiserver' function of the parisneo/lollms-webui application, specifically within the 'lollmsxtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utiliz...

CVSS 8.4 | AI score 8.9 | EPSS 0.02019
Exploits 1 | References 2