Lucene search
K

68 matches found

Cvelist
Cvelist
added 2024/04/02 4:40 p.m.34 views

CVE-2024-2435 Stored XSS in Timeline View

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

4.3CVSS4.6AI score0.00394EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.4 views

PT-2024-22137

Name of the Vulnerable Software and Affected Versions Nuclei versions prior to 3.2.0 Description A significant security oversight was identified in Nuclei, involving the execution of unsigned code templates through workflows. This issue specifically affects users utilizing custom workflows,...

8.7CVSS7.5AI score0.00411EPSS
Exploits0References14
CNNVD
CNNVD
added 2024/03/15 12:0 a.m.6 views

Nuclei Security Vulnerabilities

Nuclei is a customizable and fast vulnerability scanner based on YAML syntax templates. A security vulnerability exists in nuclei 3.0.0 and later, which stems from allowing the execution of unsigned code templates via a workflow, resulting in malicious code that can be executed on a user's system...

7.4CVSS7.2AI score0.00411EPSS
Exploits0References6
OSV
OSV
added 2024/02/14 8:15 p.m.6 views

CVE-2024-1482

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUBTOKEN. To exploit this vulnerability, an attacker would need access...

6.5CVSS5.9AI score0.00422EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/14 8:4 p.m.14 views

CVE-2024-1482 Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUBTOKEN. To exploit this vulnerability, an attacker would need access...

7.1CVSS6.8AI score0.00422EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/14 8:4 p.m.31 views

CVE-2024-1482 Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUBTOKEN. To exploit this vulnerability, an attacker would need access...

7.1CVSS7.1AI score0.00422EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/22 12:0 a.m.1 views

DECE Software Geodi Security Vulnerability

DECE Software Geodi is DECE Software's semantic search, GIS and discovery platform based on artificial intelligence and natural language processing. A security vulnerability exists in DECE Software Geodi versions prior to 8.0.0.27396 that stems from the presence of a behavioral workflow execution...

7.1CVSS6.9AI score0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/02/15 8:0 p.m.19 views

CVE-2017-3801

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control RBAC...

8.9AI score0.00333EPSS
Exploits0References3
Rows per page
Query Builder