CVE-2026-44246 nnU-Net: Agentic workflow injection in `.github/workflows/issue-triage.yml` of `MIC-DKFZ/nnUNet`

nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowednonwriteusers: $...

EUVD-2021-11435

Malware in sbrugna...

EUVD-2022-39972

Malicious code in bioql PyPI...

CVE-2025-24290

Multiple Authenticated SQL Injection vulnerabilities found in UISP Application Version 2.4.206 and earlier could allow a malicious actor with low privileges to escalate privileges...

Request a Quote < 2.3.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed. PoC As admin, put the below payloads in the related vulnerable field/s and save them the...