49 matches found
CVE-2026-2819
A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...
CVE-2026-2819
A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...
CVE-2026-2819
A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...
CVE-2026-2819
The CVE concerns Dromara RuoYi-Vue-Plus (up to 5.5.3) with a flaw in the Workflow Module’s SaServletFilter handling the endpoint /workflow/instance/deleteByInstanceIds. The root cause is missing authorization, enabling a remote attacker to manipulate workflow instances. The description states the...
RuoYi-Vue-Plus 安全漏洞
RuoYi-Vue-Plus is a development framework created by the dromara organization in China. Versions of RuoYi-Vue-Plus 5.5.3 and earlier contain security vulnerabilities. These vulnerabilities stem from a lack of authorization checks in the SaServletFilter function of the Workflow Module component,...
CVE-2021-33325
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the...
EUVD-2009-4479
Malware in sbrugna...
EUVD-2021-20034
Malware in sbrugna...
EUVD-2010-1566
Malware in sbrugna...
CVE-2021-33333
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs...
CVE-2025-2622
A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to...
Malicious code in u-workflow.module.common.project-config (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in u-workflow.module.common.fraud-protection (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-3249 Malicious code in u-workflow.module.common.creative-size (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in u-workflow.module.common.category (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in u-workflow.module.common.hour-of-week (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa993331c82ce09532f10dfb1eb3586e1a3343188c93733712aad7f47cb49539 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1158 Malicious code in u-workflow.module.common.hour-of-week (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa993331c82ce09532f10dfb1eb3586e1a3343188c93733712aad7f47cb49539 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in u-workflow.module.common.features (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 43c063fa58fdcf0f64acc12e433390c9dc078ab6b6eb6dd773242db454f29a47 The OpenSSF Package Analysis project identified 'u-workflow.module.common.features' @ 1.0.1 npm as malicious. It is considered malicious because...
MAL-2024-1131 Malicious code in u-workflow.module.common.webapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 676ec2bf7328ac16d28e24c3bb40fca880b4161a25988951f815eb86c0598b95 The OpenSSF Package Analysis project identified 'u-workflow.module.common.webapp' @ 1.0.0 npm as malicious. It is considered malicious because: ...
GHSA-QWC8-VJH3-GM2J YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module
YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the WorkFlow module. A patch is available at commit cd82ecce44d83f1f6c10c7766bf36f3026de024a...