Lucene search
K

5 matches found

Snyk
Snyk
added 2026/04/16 9:54 p.m.10 views

Improper Neutralization of Special Elements in Data Query Logic

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic through the GraphCypherQAChain request handling and graph.query execution path in GraphCypherQAChain.ts. An attacker can force...

9.8CVSS5.9AI score0.00504EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 7:11 p.m.4 views

CVE-2026-32247

Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...

8.1CVSS5.8AI score0.00344EPSS
Exploits2References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 7:11 p.m.4 views

CVE-2026-32247 Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters

Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...

8.1CVSS5.8AI score0.00344EPSS
Exploits2References4
CVE
CVE
added 2026/03/12 7:11 p.m.30 views

CVE-2026-32247

Graphiti CVE-2026-32247 is a Cypher injection vulnerability in pre-0.28.2 releases where attacker-controlled values fed into SearchFilters.node_labels were concatenated into Cypher label expressions. The issue affected non-Kuzu backends (Neo4j, FalkorDB, Neptune) and could be exploited via MCP de...

8.1CVSS5.8AI score0.00344EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.4 views

PT-2026-25057

Summary Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.node labels were concatenated directly into Cypher label expressions without validation. I...

8.1CVSS6AI score0.00344EPSS
Exploits2References16
Rows per page
Query Builder