290 matches found
CVE-2019-20768
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparmitemguid and sysid parameters in an Incident Request to servicecatalog.do...
Information Disclosure
nautobotssot is vulnerable to Information Disclosure. The vulnerability is due to improper access control on an unauthenticated configuration page, which allows an attacker to view the ServiceNow public instance name without authentication...
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts
Malicious actors can exploit default configurations in ServiceNow's Now Assist generative artificial intelligence AI platform and leverage its agentic capabilities to conduct prompt injection attacks. The second-order prompt injection, according to AppOmni, makes use of Now Assist's agent-to-agen...
Battle Compliance Confusion and Security Fatigue with Qualys and ServiceNow
Once upon a time, your biggest worry was whether Dave in Accounting would click on a suspicious link. Today, you wish Dave were your only worry. You’re likely balancing four major clouds, including AWS, Azure, Google Cloud, and Oracle, plus on-premises, hybrid environments, thousands of ephemeral...
CVE-2025-62607 Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
Nautobot Single Source of Truth SSoT is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name e.g. companyname.service-now.com. This is considered low-value information. This does not expose the Secret, the...
CVE-2025-62607 Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
Nautobot Single Source of Truth SSoT is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name e.g. companyname.service-now.com. This is considered low-value information. This does not expose the Secret, the...
CVE-2025-62607
Nautobot Single Source of Truth (SSoT) before version 3.10.0 exposed an unauthenticated configuration page that lets an attacker view the ServiceNow public instance name (e.g., companyname.service-now.com). The issue is information disclosure of low-value data; no secrets or credentials are expos...
CVE-2025-11450
creationtimestamp| type| source ---|---|--- 2025-10-10 09:43:33+00:00| seen| https://t.me/GithubRedTeam/54899 2025-10-10 13:01:03+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/servicenow-security-advisory-av25-655 2025-10-11 19:50:49+00:00| published-proof-of-concept|...
CVE-2025-11450
CVE-2025-11450 describes a reflected cross-site scripting vulnerability in the ServiceNow AI Platform. The issue could allow arbitrary code execution in the browser of a ServiceNow user who clicks a crafted link. ServiceNow has deployed security updates to the majority of hosted instances and pro...
CVE-2025-11450 Reflected Cross Site Scripting in ServiceNow AI Platform
ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...
PT-2025-41500
Name of the Vulnerable Software and Affected Versions ServiceNow affected versions not specified Description A reflected cross-site scripting issue exists in the ServiceNow AI Platform. Successful exploitation could allow for the execution of arbitrary code within the browsers of ServiceNow users...
ServiceNow AI Platform 安全漏洞
ServiceNow AI Platform is an AI Intelligence Platform from ServiceNow, a US-based company. A security vulnerability exists in ServiceNow AI Platform that stems from a reflected cross-site scripting vulnerability that could lead to the execution of arbitrary code in the browser when a user clicks ...
ServiceNow AI Platform 安全漏洞
ServiceNow AI Platform is an AI only platform from ServiceNow, Inc. in the United States. A security vulnerability exists in ServiceNow AI Platform that stems from susceptibility to a reflective cross-site scripting attack that could lead to the execution of arbitrary code in the browser...
EUVD-2016-2695
Malware in sbrugna...
EUVD-2018-19463
Malware in sbrugna...
EUVD-2018-20330
Malware in sbrugna...
EUVD-2016-2698
Malware in sbrugna...
EUVD-2019-11307
Malware in sbrugna...
EUVD-2022-45770
Malicious code in bioql PyPI...
EUVD-2025-24446
Malicious code in bioql PyPI...