Skip to content

Menu
  • Home
Menu

CVE-2026-55615 – Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Posted on July 10, 2026

CVE ID :CVE-2026-55615 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight…

CVE-2026-54771 – Langroid: handle_message() executes user-supplied tool JSON without sender verification

Posted on July 10, 2026

CVE ID :CVE-2026-54771 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat…

CVE-2026-54769 – Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent

Posted on July 10, 2026

CVE ID :CVE-2026-54769 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox…

CVE-2026-54760 – Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

Posted on July 10, 2026

CVE ID :CVE-2026-54760 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default…

CVE-2026-50180 – Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Posted on July 10, 2026

CVE ID :CVE-2026-50180 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, `SQLChatAgent` in `langroid` ships a `_validate_query`…

CVE-2026-47646 – Dynamics 365 Customer Voice Spoofing Vulnerability

Posted on July 9, 2026

CVE ID :CVE-2026-47646 Published : July 9, 2026, 12:17 a.m. | 1 hour, 42 minutes ago Description :Improper neutralization of input during web page generation (‘cross-site scripting’) in Dynamics 365 Customer Voice allows an…

CVE-2026-59723 – Cline: Cross-Origin WebSocket Hijacking in Cline Hub Dashboard (`/browser` endpoint)

Posted on July 9, 2026

CVE ID :CVE-2026-59723 Published : July 8, 2026, 11:16 p.m. | 2 hours, 42 minutes ago Description :Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30,…

CVE-2026-54782 – CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation

Posted on July 9, 2026

CVE ID :CVE-2026-54782 Published : July 8, 2026, 11:16 p.m. | 2 hours, 42 minutes ago Description :CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior…

CVE-2026-55849 – @cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized `–workspace` Argument

Posted on July 9, 2026

CVE ID :CVE-2026-55849 Published : July 8, 2026, 10:17 p.m. | 57 minutes ago Description :@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied…

CVE-2026-55830 – RestrictedPython guard hooks can be shadowed via positional-only arguments

Posted on July 9, 2026

CVE ID :CVE-2026-55830 Published : July 8, 2026, 10:17 p.m. | 57 minutes ago Description :RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide…

Posts pagination

1 2 … 109 Next

Site map

  • About Us
  • Privacy Policy
  • Terms & Conditions of Use
©2026 | Design: Newspaperly WordPress Theme