7 matches found
CVE-2026-34225
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...
CVE-2026-40087
A flaw was found in LangChain. A missing validation of f-string prompt templates in some classes, specifically in DictPromptTemplate and ImagePromptTemplate, can cause the evaluation of attribute access or indexing expressions during template formatting. Also, f-string validation based on parsed...
CVE-2026-40087
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...
EUVD-2026-21063
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...
GHSA-5CHR-FJJV-38QV langchain-core allows unauthorized users to read arbitrary files from the host file system
A vulnerability in langchain-core versions =0.1.17,=0.2.0,=0.3.0,0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's and by extension langchain_core.prompts.ChatPromptTemplate's...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: langchain-core is a package for building applications with LLMs through composability. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in the ImagePromptTemplate in image.py, which can be instantiated with input variables...
CVE-2024-10940 Exposure of Sensitive System Information via ImagePromptTemplate in langchain-ai/langchain
A vulnerability in langchain-core versions =0.1.17,=0.2.0,=0.3.0,0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's and by extension langchain_core.prompts.ChatPromptTemplate's...