Search
Search Results (7 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4399 | 1 1millionbot | 1 Millie Chat | 2026-04-01 | N/A |
| Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques (formulating a question in such a way that, upon receiving an affirmative response ('true'), the model executes the injected instruction), causing it to return prohibited information and information outside its intended context. Successful exploitation of this vulnerability could allow a malicious remote attacker to abuse the service for purposes other than those originally intended, or even execute out-of-context tasks using 1millionbot's resources and/or OpenAI's API key. This allows the attacker to evade the containment mechanisms implemented during LLM model training and obtain responses or chat behaviors that were originally restricted. | ||||
| CVE-2025-10875 | 1 Salesforce | 2 Mulesoft, Mulesoft Anypoint Code Builder | 2026-02-04 | 6.5 Medium |
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6. | ||||
| CVE-2025-64318 | 1 Salesforce | 2 Mulesoft, Mulesoft Anypoint Code Builder | 2026-02-04 | 5.3 Medium |
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1. | ||||
| CVE-2025-64320 | 1 Salesforce | 2 Agentforce Vibes, Agentforce Vibes Extension | 2026-02-04 | 6.5 Medium |
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0. | ||||
| CVE-2025-64321 | 1 Salesforce | 2 Agentforce Vibes, Agentforce Vibes Extension | 2026-02-04 | 5.3 Medium |
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.3.0. | ||||
| CVE-2025-36730 | 1 Windsurf | 1 Windsurf | 2025-10-21 | N/A |
| A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions. | ||||
| CVE-2024-3303 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 6.4 Medium |
| An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection. | ||||
Page 1 of 1.