CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

NVD•added 2026/04/23 8:16 p.m.•3 views

CVE-2026-41138

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within...

8.8CVSS0.00575EPSS

Exploits1References1

Cvelist•added 2026/04/23 7:5 p.m.•30 views

CVE-2026-41138 Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas.

8.3CVSS0.00575EPSS

Exploits1References1

Positive Technologies•added 2026/04/23 12:0 a.m.•1 views

PT-2026-34730

8.3CVSS8AI score0.00575EPSS

Exploits1References2

RedhatCVE•added 2026/04/13 2:55 p.m.•4 views

CVE-2026-40087

A flaw was found in LangChain. A missing validation of f-string prompt templates in some classes, specifically in DictPromptTemplate and ImagePromptTemplate, can cause the evaluation of attribute access or indexing expressions during template formatting. Also, f-string validation based on parsed...

5.3CVSS5.8AI score0.00055EPSS

Exploits0References10

NVD•added 2026/04/09 8:16 p.m.•5 views

CVE-2026-40087

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

5.3CVSS0.00055EPSS

Exploits0References7

EUVD•added 2026/04/09 7:34 p.m.•2 views

EUVD-2026-21063

5.3CVSS5.9AI score0.00055EPSS

Exploits0References7

RedhatCVE•added 2026/02/24 7:29 a.m.•5 views

CVE-2026-2969

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...

7.2CVSS4.7AI score0.00092EPSS

Exploits2References1

Github Security Blog•added 2026/02/23 6:30 a.m.•3 views

datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler

7.2CVSS5AI score0.00092EPSS

Exploits2References6Affected Software1

OSV•added 2026/02/23 6:30 a.m.•1 views

GHSA-Q5XX-FXV3-XXQF datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler

5.1CVSS5.1AI score0.00092EPSS

Exploits2References6

NVD•added 2026/02/23 5:16 a.m.•4 views

CVE-2026-2969

7.2CVSS0.00092EPSS

Exploits2References5

Cvelist•added 2026/02/23 3:32 a.m.•19 views

CVE-2026-2969 datapizza-labs datapizza-ai Jinja2 Template prompt.py ChatPromptTemplate special elements used in a template engine

5.8CVSS0.00092EPSS

Exploits2References5

NVD•added 2025/11/21 10:16 p.m.•4 views

CVE-2025-65106

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This...

8.3CVSS0.00052EPSS

Exploits0References3

Snyk•added 2025/11/21 9:57 p.m.•4 views

Template Injection

Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Template Injection in the prompt template system. An attacker can access internal Python object attributes by submitting specially crafted template strings to...

8.3CVSS6.7AI score0.00052EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-0022

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00407EPSS

Exploits1References3

OSV•added 2025/03/20 12:32 p.m.•0 views

GHSA-5CHR-FJJV-38QV langchain-core allows unauthorized users to read arbitrary files from the host file system

A vulnerability in langchain-core versions =0.1.17,=0.2.0,=0.3.0,0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchaincore.prompts.ImagePromptTemplate's and by extension langchaincore.prompts.ChatPromptTemplate's...

5.3CVSS6AI score0.00274EPSS

Exploits0References6

Snyk•added 2025/03/20 10:52 a.m.•1 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in the ImagePromptTemplate in image.py, which can be instantiated with input variables...

8.7CVSS6.7AI score0.00274EPSS

Exploits0References2

Vulnrichment•added 2025/03/20 10:8 a.m.•4 views

CVE-2024-10940 Exposure of Sensitive System Information via ImagePromptTemplate in langchain-ai/langchain

5.3CVSS5.3AI score0.00274EPSS

Exploits0References2

Huntr•added 2024/11/04 7:10 p.m.•5 views

Read from host file system via ImagePromptTemplate in langchain-core

Description You can create langchaincore.prompts.ImagePromptTemplate's and by extension the langchaincore.prompts.ChatPromptTemplate's with input variables that make it possible for the prompt template to read any user-specified path from the server file system. If the outputs of the prompt...

5.3CVSS5.4AI score0.00274EPSS

Exploits0

OSV•added 2024/10/29 1:15 p.m.•11 views

CVE-2024-7962

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

7.5CVSS6.6AI score

Exploits0References2

NVD•added 2024/10/29 1:15 p.m.•7 views

CVE-2024-7962

7.5CVSS0.00407EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by