Lucene search
K

6 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 10:22 p.m.11 views

Malicious code in fakehuop (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 677eed2b8b2630ec8e88b29d7ae3d9d49fc0d0c18230cc51b24d8102cdb151ee Every advertised function in this package askllm, pink, america, iran, momo, abc, bcd, code, sf, liti, koko, init, dropnull, hellp, lc instantiates a...

5.8AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.4 views

CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

5.9CVSS5.9AI score0.00255EPSS
Exploits1References1
NVD
NVD
added 2026/03/07 5:15 p.m.5 views

CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

7.6CVSS0.00255EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/07 4:32 p.m.27 views

CVE-2026-30856 WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

5.9CVSS0.00255EPSS
Exploits1References1
OSV
OSV
added 2026/03/07 4:32 p.m.2 views

CVE-2026-30856 WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

5.9CVSS7.4AI score0.00255EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/11/21 10:21 p.m.77 views

Flowise OverrideConfig security vulnerability

Impact Flowise allows developers to inject configuration into the Chainflow during execution through the overrideConfig option. This is supported in both the frontend web integration and the backend Prediction API. This has a range of fundamental issues that are a major security vulnerability...

7.7AI score
Exploits0References2Affected Software1
Rows per page
Query Builder