38 matches found
CVE-2026-42157
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is...
PT-2026-40467
Name of the Vulnerable Software and Affected Versions Flowsint versions prior to 1.2.3 Description A remote attacker can create a map node with a malicious label containing arbitrary HTML. When the map tab and a map node marker are selected, the application renders the HTML, which can trigger...
Exploit for Improper Neutralization of Special Elements in Data Query Logic in Getzep Graphiti
CVE-2026-32247 — Cypher Injection in graphiti-core via unsanit...
CVE-2026-32247
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...
CVE-2026-32247
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...
CVE-2026-32247
Graphiti CVE-2026-32247 is a Cypher injection vulnerability in pre-0.28.2 releases where attacker-controlled values fed into SearchFilters.node_labels were concatenated into Cypher label expressions. The issue affected non-Kuzu backends (Neo4j, FalkorDB, Neptune) and could be exploited via MCP de...
CVE-2026-32247 Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...
CVE-2026-32247 Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...
CVE-2026-32247 Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...
CVE-2026-32247
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...
EUVD-2026-11682
Graphiti vulnerable to Cypher Injection via unsanitized nodelabels in search filters...
GHSA-GG5M-55JJ-8M5G Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters
Summary Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabels were concatenated directly into Cypher label expressions without validation. In...
Improper Neutralization of Special Elements in Data Query Logic
Overview graphiti-core is an A temporal graph building library Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the SearchFilters.nodelabels process. An attacker can execute arbitrary Cypher queries within the privileges of th...
Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters
Summary Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabels were concatenated directly into Cypher label expressions without validation. In...
CVE-2025-40894 HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alert...
TencentOS Server 3: graphviz (TSSA-2023:0148)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0148 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
GHSA-7XGM-5PRM-V5GC KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
Summary The permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. Details Following the GitHub security advisory published on March 23 2023, a ValidatingAdmissionPolicy w...
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
Summary The permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. Details Following the GitHub security advisory published on March 23 2023, a ValidatingAdmissionPolicy w...
EUVD-2020-22116
Malware in sbrugna...
DRUPAL-CONTRIB-2025-064
This module provides a block to easily display a rendered node. The module doesn't check access to content before displaying it to a visitor, allowing unauthorized users to retrieve a list of labels of all nodes...