640 matches found
CVE-2026-34951 Reflected XSS in footer.php in Workbench Allows Attackers to Hijack Authenticated Sessions
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input...
EUVD-2026-19357
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input...
PT-2026-30712
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...
Workbench 代码注入漏洞
Workbench is an open-source web tool suite for managing Salesforce data and metadata, developed by Force.com. Versions of Workbench prior to 65.0.0 contained a code injection vulnerability. This vulnerability stemmed from the handling of cookie values during the time zone conversion process, whic...
Workbench 跨站脚本漏洞
Workbench is an open-source web tool suite for managing Salesforce data and metadata, developed by Force.com. Versions of Workbench prior to 65.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-type cross-site scripting vulnerability in the...
PT-2026-30669
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input...
abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +702 more potentially affected by CVE-2025-15379 via mlflow (>=3.0.0rc2 <=3.6.0rc0)
mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-15379 Source advisory: SNYK:PYTHON-MLFLOW-15825746...
Security Bulletin: Due to the use of flatted, IBM DevOps Solution Workbench ist affected by leaking a live reference to Array.Prototype
Summary flatted is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array...
Security Bulletin: Due to the use of flatted, IBM DevOps Solution Workbench is affected by a stack overflow that crashes the Node.js process (CVE-2026-32141)
Summary flatted is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-32141 DESCRIPTION: flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given...
Security Bulletin: Due to the use of Underscore.js, IBM DevOps Solution Workbench is affected by a Denial of Service (CVE-2026-27601)
Summary Underscore.js is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specif...
CVE-2026-2244
A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...
EUVD-2026-8853
A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...
CVE-2026-2244
A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...
CVE-2026-2244 Sensitive Data Exposure in Google Cloud Vertex AI Workbench
A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...
CVE-2026-2244
A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...
CVE-2026-2244
Summary: CVE-2026-2244 affects Google Cloud Vertex AI Workbench. A vulnerability existed from 2025-07-21 to 2026-01-30 that allowed an attacker to exfiltrate valid Google Cloud access tokens of other users by abusing a built-in startup script. The exposure could enable unauthorized access to toke...
Google Cloud Vertex AI Workbench 安全漏洞
Google Cloud Vertex AI Workbench is a cloud-based integrated development environment provided by Google, Inc. There is a security vulnerability in Google Cloud Vertex AI Workbench, which allows attackers to exploit the built-in startup scripts to steal valid Google Cloud access tokens from other...
PT-2026-22149
A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...
CVE-2021-27473
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive...
EUVD-2025-204910
Malicious code in elf-stats-ember-workbench-742 npm...