Lucene search
K

887 matches found

vulnersOsv
vulnersOsv
added 2026/02/19 7:34 p.m.4 views

agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428), aiqtoolkit-semantic-kernel (>=1.1.0 <=1.2.0rc4) +4 more potentially affected by CVE-2026-26030 via semantic-kernel (>=1.0.0rc1 <=1.35.3)

semantic-kernel PYPI version =1.0.0rc1, =1.0.0, =1.1.0, =0.1.1, =0.2.0, =1.2.0, =0.0.1, =0.0.4 Source cves: CVE-2026-26030 Source advisory: SNYK:PYTHON-SEMANTICKERNEL-15323118...

9.9CVSS5.4AI score0.02914EPSS
Exploits2
OSV
OSV
added 2026/02/19 7:34 p.m.5 views

GHSA-XJW9-4GW8-4RQX Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

Impact: An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. Patches: The problem has been fixed in python-1.39.4. Users should upgrade this version or higher. Workarounds: Avoid using InMemoryVectorSto...

9.9CVSS5.5AI score0.02914EPSS
Exploits2References6
Github Security Blog
Github Security Blog
added 2026/02/19 7:34 p.m.13 views

Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

Impact: An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. Patches: The problem has been fixed in python-1.39.4. Users should upgrade this version or higher. Workarounds: Avoid using InMemoryVectorSto...

9.9CVSS5.5AI score0.02914EPSS
Exploits2References6Affected Software1
PyPA
PyPA
added 2026/02/19 5:24 p.m.11 views

PYSEC-2026-163

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...

9.9CVSS6.4AI score0.02914EPSS
Exploits2References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/02/19 5:24 p.m.4 views

agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428), agixt (>=1.1.76b0 <=1.3.71) +9 more potentially affected by CVE-2026-26030 via semantic-kernel (>=0.2.9.dev0 <=1.35.3)

semantic-kernel PYPI version =0.2.9.dev0, =1.0.0, =1.1.76b0, =1.1.0, =0.1.1, =0.1.0, =0.3.0, =1.2.0, =0.2.0, =0.0.1, =1.0.0, =1.0.9 Source cves: CVE-2026-26030 Source advisory: OSV:PYSEC-2026-163...

9.9CVSS5.4AI score0.02914EPSS
Exploits2
NVD
NVD
added 2026/02/19 5:24 p.m.11 views

CVE-2026-26030

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...

9.9CVSS0.02914EPSS
Exploits2References3
OSV
OSV
added 2026/02/19 5:24 p.m.8 views

PYSEC-2026-163

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...

9.9CVSS6.4AI score0.02914EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/02/19 4:0 p.m.6 views

CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...

9.9CVSS6.3AI score0.02914EPSS
Exploits2References3
OSV
OSV
added 2026/02/19 4:0 p.m.6 views

CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...

9.9CVSS6.4AI score0.02914EPSS
Exploits2References5
CVE
CVE
added 2026/02/19 4:0 p.m.55 views

CVE-2026-26030

Summary of CVE-2026-26030 : The issue affects Microsoft’s Semantic Kernel Python SDK, specifically the InMemoryVectorStore filter functionality. Versions prior to 1.39.4 are vulnerable to remote code execution. The vulnerability is mitigated by upgrading to python-1.39.4 or higher; as a workaroun...

9.9CVSS6.3AI score0.02914EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2026/02/19 4:0 p.m.25 views

CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...

9.9CVSS0.02914EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.9 views

PT-2026-20868

Name of the Vulnerable Software and Affected Versions Semantic Kernel Python SDK versions prior to 1.39.4 Description A remote code execution issue exists within the InMemoryVectorStore filter functionality. Recommendations Update to version 1.39.4 or higher. As a temporary workaround, avoid usin...

9.9CVSS6.5AI score0.02914EPSS
Exploits2References64
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.11 views

Microsoft Semantic Kernel 代码注入漏洞

Microsoft Semantic Kernel is a large model orchestration framework from Microsoft Corporation, USA. A code injection vulnerability exists in Microsoft Semantic Kernel versions prior to 1.39.4. The vulnerability stems from the InMemoryVectorStore filtering feature failing to properly filter specia...

9.9CVSS6.1AI score0.02914EPSS
Exploits2References3
Packet Storm News
Packet Storm News
added 2026/02/17 12:0 a.m.18 views

From Tool Orchestration to Code Execution: A Study of MCP Design Choices

Model Context Protocols MCPs provide a unified platform for agent systems to discover, select, and orchestrate tools across heterogeneous execution environments. As MCP-based systems scale to incorporate larger tool catalogs and multiple concurrently connected MCP servers, traditional tool-by-too...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/12 12:0 a.m.9 views

Favia: Forensic Agent for Vulnerability-Fix Identification and Analysis

Identifying vulnerability-fixing commits corresponding to disclosed CVEs is essential for secure software maintenance but remains challenging at scale, as large repositories contain millions of commits of which only a small fraction address security issues. Existing automated approaches, includin...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.7 views

QRS: A Rule-Synthesizing Neuro-Symbolic Triad for Autonomous Vulnerability Discovery

Static Application Security Testing SAST tools are integral to modern DevSecOps pipelines, yet tools like CodeQL, Semgrep, and SonarQube remain fundamentally constrained: they require expert-crafted queries, generate excessive false positives, and detect only predefined vulnerability patterns...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.9 views

Following Dragons: Code Review-Guided Fuzzing

Modern fuzzers scale to large, real-world software but often fail to exercise the program states developers consider most fragile or security-critical. Such states are typically deep in the execution space, gated by preconditions, or overshadowed by lower-value paths that consume limited fuzzing...

6AI score
Exploits0
Veracode
Veracode
added 2026/02/09 8:4 a.m.7 views

Arbitrary File Write

Semantic Kernel is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of file paths in the SessionsPythonPlugin, where attacker-controlled localFilePath arguments passed to DownloadFileAsync or UploadFileAsync can write files to arbitrary locations on the host...

9.9CVSS5.7AI score0.0195EPSS
Exploits0References5Affected Software2
Packet Storm News
Packet Storm News
added 2026/02/09 12:0 a.m.6 views

Exploring Semantic Labeling Strategies for Third-Party Cybersecurity Risk Assessment Questionnaires

Third-Party Risk Assessment TPRA is a core cybersecurity practice for evaluating suppliers against standards such as ISO/IEC 27001 and NIST. TPRA questionnaires are typically drawn from large repositories of security and compliance questions, yet tailoring assessments to organizational needs...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.11 views

PT-2026-7193

Name of the Vulnerable Software and Affected Versions Cube versions 1.1.17 through 1.5.12 and 1.4.1 Description Cube, a semantic layer for building data applications, is susceptible to a condition where a specially crafted request to a Cube API endpoint can render the entire Cube API unavailable...

6.5CVSS5.5AI score0.00391EPSS
Exploits0References9
Rows per page
Query Builder