11 matches found
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the Neo4jChatAgent process. An attacker can gain unauthorized access to all gra...
Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879
Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection direct user input or indirect content the agent reads back via RAG, so an attacker who can...
CVE-2026-41274
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that ar...
EUVD-2026-25313
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that ar...
Flowise: Cypher Injection in GraphCypherQAChain
Summary The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletio...
PT-2026-6724
Name of the Vulnerable Software and Affected Versions Neo4j versions prior to 2026.01 Description A lack of proper unicode character escaping in the query log functionality can result in cross-site scripting XSS if logs are opened in a tool that interprets them as HTML. The issue is present in bo...
EUVD-2018-0611
Malware in sbrugna...
EUVD-2022-2059
Malicious code in bioql PyPI...
Exploit for SQL Injection in Langchain
Proof of Concept for Langchain CVE-2024–8309 Vulnerability...
nuvola - Tool To Dump And Perform Automatic And Manual Security Analysis On Aws Environments Configurations And Services
nuvola with the lowercase n is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax. The general idea behind this project is to create an abstracted digita...
CVE-2021-42767
A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1...