Lucene search
K

290 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:8 a.m.9 views

CVE-2019-20768

ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparmitemguid and sysid parameters in an Incident Request to servicecatalog.do...

5.4CVSS5.7AI score0.00719EPSS
Exploits1References1
Veracode
Veracode
added 2025/12/13 7:13 a.m.6 views

Information Disclosure

nautobotssot is vulnerable to Information Disclosure. The vulnerability is due to improper access control on an unauthenticated configuration page, which allows an attacker to view the ServiceNow public instance name without authentication...

5.3CVSS7AI score0.00268EPSS
Exploits0References5Affected Software1
The Hacker News
The Hacker News
added 2025/11/19 9:59 a.m.12 views

ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts

Malicious actors can exploit default configurations in ServiceNow's Now Assist generative artificial intelligence AI platform and leverage its agentic capabilities to conduct prompt injection attacks. The second-order prompt injection, according to AppOmni, makes use of Now Assist's agent-to-agen...

7.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/11/10 10:33 p.m.9 views

Battle Compliance Confusion and Security Fatigue with Qualys and ServiceNow

Once upon a time, your biggest worry was whether Dave in Accounting would click on a suspicious link. Today, you wish Dave were your only worry. You’re likely balancing four major clouds, including AWS, Azure, Google Cloud, and Oracle, plus on-premises, hybrid environments, thousands of ephemeral...

6.7AI score
Exploits0
Cvelist
Cvelist
added 2025/10/22 3:40 p.m.11 views

CVE-2025-62607 Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL

Nautobot Single Source of Truth SSoT is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name e.g. companyname.service-now.com. This is considered low-value information. This does not expose the Secret, the...

5.3CVSS0.00268EPSS
Exploits0References3
OSV
OSV
added 2025/10/22 3:40 p.m.3 views

CVE-2025-62607 Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL

Nautobot Single Source of Truth SSoT is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name e.g. companyname.service-now.com. This is considered low-value information. This does not expose the Secret, the...

5.3CVSS7AI score0.00268EPSS
Exploits0References5
CVE
CVE
added 2025/10/22 3:40 p.m.14 views

CVE-2025-62607

Nautobot Single Source of Truth (SSoT) before version 3.10.0 exposed an unauthenticated configuration page that lets an attacker view the ServiceNow public instance name (e.g., companyname.service-now.com). The issue is information disclosure of low-value data; no secrets or credentials are expos...

5.3CVSS6.6AI score0.00268EPSS
Exploits0References3
Circl
Circl
added 2025/10/10 9:43 a.m.4 views

CVE-2025-11450

creationtimestamp| type| source ---|---|--- 2025-10-10 09:43:33+00:00| seen| https://t.me/GithubRedTeam/54899 2025-10-10 13:01:03+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/servicenow-security-advisory-av25-655 2025-10-11 19:50:49+00:00| published-proof-of-concept|...

5.3CVSS4.8AI score0.00323EPSS
Exploits0References2
CVE
CVE
added 2025/10/10 1:9 a.m.17 views

CVE-2025-11450

CVE-2025-11450 describes a reflected cross-site scripting vulnerability in the ServiceNow AI Platform. The issue could allow arbitrary code execution in the browser of a ServiceNow user who clicks a crafted link. ServiceNow has deployed security updates to the majority of hosted instances and pro...

5.3CVSS6.4AI score0.00323EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/10 1:9 a.m.5 views

CVE-2025-11450 Reflected Cross Site Scripting in ServiceNow AI Platform

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...

5.3CVSS6.4AI score0.00323EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.5 views

PT-2025-41500

Name of the Vulnerable Software and Affected Versions ServiceNow affected versions not specified Description A reflected cross-site scripting issue exists in the ServiceNow AI Platform. Successful exploitation could allow for the execution of arbitrary code within the browsers of ServiceNow users...

5.3CVSS6.4AI score0.00323EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.4 views

ServiceNow AI Platform 安全漏洞

ServiceNow AI Platform is an AI Intelligence Platform from ServiceNow, a US-based company. A security vulnerability exists in ServiceNow AI Platform that stems from a reflected cross-site scripting vulnerability that could lead to the execution of arbitrary code in the browser when a user clicks ...

5.3CVSS6.4AI score0.00323EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.6 views

ServiceNow AI Platform 安全漏洞

ServiceNow AI Platform is an AI only platform from ServiceNow, Inc. in the United States. A security vulnerability exists in ServiceNow AI Platform that stems from susceptibility to a reflective cross-site scripting attack that could lead to the execution of arbitrary code in the browser...

5.3CVSS6.5AI score0.00323EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-2695

Malware in sbrugna...

7.5CVSS7.6AI score0.0113EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2018-19463

Malware in sbrugna...

8.8CVSS8.8AI score0.02583EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2018-20330

Malware in sbrugna...

5.4CVSS5.5AI score0.00696EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-2698

Malware in sbrugna...

6.5CVSS6.6AI score0.00846EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-11307

Malware in sbrugna...

5.4CVSS5.5AI score0.00719EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-45770

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00439EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-24446

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.0042EPSS
Exploits0References1
Rows per page
Query Builder