640 matches found

Vulnrichment
added 2026/04/06 3:58 p.m., 3 views

CVE-2026-34951 Reflected XSS in footer.php in Workbench Allows Attackers to Hijack Authenticated Sessions

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input...

5.1 CVSS, 5.8 AI score, 0.00149 EPSS
Exploits: 0, References: 1

EUVD
added 2026/04/06 3:58 p.m., 3 views

EUVD-2026-19357

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input...

5.1 CVSS, 5.8 AI score, 0.00149 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/04/06 12:0 a.m., 18 views

PT-2026-30712

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...

9.3 CVSS, 6.5 AI score, 0.00491 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/04/06 12:0 a.m., 9 views

Workbench code injection vulnerability

Workbench is an open-source web tool suite for managing Salesforce data and metadata, developed by Force.com. Versions of Workbench prior to 65.0.0 contained a code injection vulnerability. This vulnerability stemmed from the handling of cookie values during the time zone conversion process, whic...

9.8 CVSS, 6.2 AI score, 0.00491 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/04/06 12:0 a.m., 7 views

Workbench cross-site scripting vulnerability

Workbench is an open-source web tool suite for managing Salesforce data and metadata, developed by Force.com. Versions of Workbench prior to 65.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-type cross-site scripting vulnerability in the...

6.1 CVSS, 5.6 AI score, 0.00149 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/04/06 12:0 a.m., 9 views

PT-2026-30669

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input...

5.1 CVSS, 5.8 AI score, 0.00149 EPSS
Exploits: 0, References: 2

vulnersOsv
added 2026/03/30 9:29 a.m., 10 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +702 more potentially affected by CVE-2025-15379 via mlflow (>=3.0.0rc2 <=3.6.0rc0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-15379 Source advisory: SNYK:PYTHON-MLFLOW-15825746...

10 CVSS, 7.2 AI score, 0.01994 EPSS
Exploits: 1

IBM Security Bulletins
added 2026/03/24 1:36 p.m., 5 views

Security Bulletin: Due to the use of flatted, IBM DevOps Solution Workbench is affected by leaking a live reference to Array.Prototype

Summary flatted is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array...

9.8 CVSS, 6 AI score, 0.00808 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/18 3:18 p.m., 8 views

Security Bulletin: Due to the use of flatted, IBM DevOps Solution Workbench is affected by a stack overflow that crashes the Node.js process (CVE-2026-32141)

Summary flatted is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-32141 DESCRIPTION: flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given...

7.5 CVSS, 5.9 AI score, 0.00777 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/16 8:36 a.m., 5 views

Security Bulletin: Due to the use of Underscore.js, IBM DevOps Solution Workbench is affected by a Denial of Service (CVE-2026-27601)

Summary Underscore.js is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specif...

8.2 CVSS, 5.8 AI score, 0.00612 EPSS
Exploits: 1, Affected Software: 1

RedhatCVE
added 2026/02/27 7:44 p.m., 7 views

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4 CVSS, 5.9 AI score, 0.00247 EPSS
Exploits: 0, References: 1

EUVD
added 2026/02/26 3:30 p.m., 7 views

EUVD-2026-8853

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4 CVSS, 5.5 AI score, 0.00247 EPSS
Exploits: 0, References: 2

NVD
added 2026/02/26 3:17 p.m., 8 views

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4 CVSS, 0.00247 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/02/26 2:14 p.m., 22 views

CVE-2026-2244 Sensitive Data Exposure in Google Cloud Vertex AI Workbench

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4 CVSS, 0.00247 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/02/26 2:14 p.m., 5 views

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4 CVSS, 5.5 AI score, 0.00247 EPSS
Exploits: 0, References: 2

CVE
added 2026/02/26 2:14 p.m., 35 views

CVE-2026-2244

Summary: CVE-2026-2244 affects Google Cloud Vertex AI Workbench. A vulnerability existed from 2025-07-21 to 2026-01-30 that allowed an attacker to exfiltrate valid Google Cloud access tokens of other users by abusing a built-in startup script. The exposure could enable unauthorized access to toke...

8.4 CVSS, 5.5 AI score, 0.00247 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/02/26 12:0 a.m., 9 views

Google Cloud Vertex AI Workbench security vulnerability

Google Cloud Vertex AI Workbench is a cloud-based integrated development environment provided by Google, Inc. There is a security vulnerability in Google Cloud Vertex AI Workbench, which allows attackers to exploit the built-in startup scripts to steal valid Google Cloud access tokens from other...

8.4 CVSS, 5.8 AI score, 0.00247 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/02/26 12:0 a.m., 9 views

PT-2026-22149

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4 CVSS, 5.5 AI score, 0.00247 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/01/09 9:20 a.m., 8 views

CVE-2021-27473

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive...

8.2 CVSS, 6.8 AI score, 0.00752 EPSS
Exploits: 0, References: 1

EUVD
added 2025/12/23 8:7 a.m., 5 views

EUVD-2025-204910

Malicious code in elf-stats-ember-workbench-742 npm...

6.6 AI score
Exploits: 0