Search
Search Results (8 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44246 | 1 Mic-dkfz | 1 Nnunet | 2026-05-13 | 7.2 High |
| nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowed_non_write_users: ${{ github.event.issue.user.login }}, which means any logged-in GitHub user who opens an issue can reach this agentic workflow with attacker-controlled content. Untrusted issue title and body content are embedded directly into the prompt of anthropics/claude-code-action, and the workflow then runs a command-capable Claude agent with permission to comment on and relabel the current issue via gh. Because this workflow is triggered automatically on issues.opened, an external attacker can submit a crafted issue that steers the agent beyond its intended issue-triage purpose and influences authenticated issue actions. This vulnerability is fixed in 2.4.1. | ||||
| CVE-2025-36730 | 1 Windsurf | 1 Windsurf | 2026-04-15 | N/A |
| A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions. | ||||
| CVE-2026-4399 | 1 1millionbot | 2 Millie Chat, Millie Chatbot | 2026-04-14 | 7.5 High |
| Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques (formulating a question in such a way that, upon receiving an affirmative response ('true'), the model executes the injected instruction), causing it to return prohibited information and information outside its intended context. Successful exploitation of this vulnerability could allow a malicious remote attacker to abuse the service for purposes other than those originally intended, or even execute out-of-context tasks using 1millionbot's resources and/or OpenAI's API key. This allows the attacker to evade the containment mechanisms implemented during LLM model training and obtain responses or chat behaviors that were originally restricted. | ||||
| CVE-2025-10875 | 1 Salesforce | 2 Mulesoft, Mulesoft Anypoint Code Builder | 2026-02-04 | 6.5 Medium |
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6. | ||||
| CVE-2025-64318 | 1 Salesforce | 2 Mulesoft, Mulesoft Anypoint Code Builder | 2026-02-04 | 5.3 Medium |
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1. | ||||
| CVE-2025-64320 | 1 Salesforce | 2 Agentforce Vibes, Agentforce Vibes Extension | 2026-02-04 | 6.5 Medium |
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0. | ||||
| CVE-2025-64321 | 1 Salesforce | 2 Agentforce Vibes, Agentforce Vibes Extension | 2026-02-04 | 5.3 Medium |
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.3.0. | ||||
| CVE-2024-3303 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 6.4 Medium |
| An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection. | ||||
Page 1 of 1.