4572 matches found

Tenable Nessus
added 2025/09/26 12:0 a.m. | 4 views

Fortra FileCatalyst 5.1.6 < 5.2.0 build 130 Unrestricted File Upload (fi-2025-010)

The version of Fortra FileCatalyst Workflow running on the remote host is 5.1.6 prior to 5.2.0 build 130. It is, therefore, affected by an unrestricted file upload vulnerability as referenced in the fi-2025-010 advisory. - Improper Access Control issue in the Workflow component of Fortra's...

CVSS 8.2 | AI score 5.8 | EPSS 0.0026
Exploits: 0 | References: 2

Snyk
added 2025/09/25 4:10 a.m. | 2 views

Malicious Package

Overview: @sev-ui-verse/workflow-context is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

OSV
added 2025/09/25 4:10 a.m. | 1 view

MAL-2025-47548 Malicious code in @sev-ui-verse/workflow-context (npm)

The package @sev-ui-verse/workflow-context was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b34fd25464abdc87cdcff95770eff1bf8f142ad5407a6487236fcc5c76f72f14 Any computer that has this package installed or running should be...

AI score 6.9
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2025/09/25 4:10 a.m. | 10 views

Malicious code in @sev-ui-verse/workflow-context (npm)

The package @sev-ui-verse/workflow-context was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b34fd25464abdc87cdcff95770eff1bf8f142ad5407a6487236fcc5c76f72f14 Any computer that has this package installed or running should be...

AI score 6.9
Exploits: 0 | References: 3

NVD
added 2025/09/19 3:15 p.m. | 4 views

CVE-2025-8532

Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166...

CVSS 6.4 | EPSS 0.00117
Exploits: 0 | References: 2

Cvelist
added 2025/09/19 2:12 p.m. | 12 views

CVE-2025-8532 IDOR in Bimser's eBA Document and Workflow Management System

Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166...

CVSS 6.4 | EPSS 0.00117
Exploits: 0 | References: 2

ATTACKERKB
added 2025/09/19 2:12 p.m. | 4 views

CVE-2025-8532

Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166...

CVSS 6.4 | AI score 5.5 | EPSS 0.00117
Exploits: 0 | References: 3 | Affected Software: 1

Packet Storm News
added 2025/09/18 12:0 a.m. | 5 views

Orion: Fuzzing Workflow Automation

Fuzz testing is one of the most effective techniques for finding software vulnerabilities. While modern fuzzers can generate inputs and monitor executions automatically, the overall workflow, from analyzing a codebase, to configuring harnesses, to triaging results, still requires substantial manu...

AI score 7.3
Exploits: 0

Snyk
added 2025/09/15 5:43 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the initialMessages parameter in the LangChain Chat Trigger node. An attacker can execute arbitrary JavaScript in the browser of users who visit a crafted public...

CVSS 6.1 | AI score 5.3 | EPSS 0.00222
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/13 6:26 p.m. | 12 views

CVE-2025-43782

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the API...

CVSS 5.3 | AI score 6.8 | EPSS 0.00234
Exploits: 0 | References: 1

Gitee
added 2025/09/13 4:43 a.m. | 128 views

personal-security-checklist-1

This repository is an open-source project for a curated checklist of 300+ tips for protecting digital security and privacy in 2022. It is a community-driven project that allows contributors to suggest and submit points to be added, amended, or removed from the list. The project has a code of...

AI score 7.1
Exploits: 0

Packet Storm News
added 2025/09/13 12:0 a.m. | 4 views

Large Language Models for Security Operations Centers: a Comprehensive Survey

Large Language Models (LLMs) have emerged as powerful tools capable of understanding and generating human-like text, offering transformative potential across diverse domains. The Security Operations Center (SOC), responsible for safeguarding digital infrastructure, represents one of these domains. SO...

AI score 6.8
Exploits: 0

RedhatCVE
added 2025/09/12 4:32 p.m. | 7 views

CVE-2025-43785

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...

CVSS 4.6 | AI score 5.6 | EPSS 0.00209
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/11 11:24 p.m. | 14 views

CVE-2025-59039

Prebid Universal Creative (PUC) is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...

CVSS 9.3 | AI score 6.8 | EPSS 0.00312
Exploits: 0 | References: 1

Snyk
added 2025/09/11 6:35 p.m. | 4 views

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a permissive API. An attacker can retrieve unauthorized workflow definitions by specifying their names through crafted API requests. Remediation: Upgrade...

CVSS 5.3 | AI score 6.6 | EPSS 0.00234
Exploits: 0 | References: 2

OSV
added 2025/09/11 6:35 p.m. | 3 views

GHSA-WR8M-5H2P-4432 Liferay Portal API Allows Authenticated Users to Access Workflow Definitions by Name

An Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the API...

CVSS 5.3 | AI score 6.4 | EPSS 0.00234
Exploits: 0 | References: 9

Snyk
added 2025/09/11 6:35 p.m. | 1 view

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a permissive API. An attacker can retrieve unauthorized workflow definitions by specifying their names through crafted API requests. Remediation: Upgrade...

CVSS 5.3 | AI score 6.6 | EPSS 0.00234
Exploits: 0 | References: 2

Github Security Blog
added 2025/09/11 6:35 p.m. | 7 views

Liferay Portal API Allows Authenticated Users to Access Workflow Definitions by Name

An Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the API...

CVSS 5.3 | AI score 6.5 | EPSS 0.00234
Exploits: 0 | References: 9 | Affected Software: 1

NVD
added 2025/09/11 6:15 p.m. | 26 views

CVE-2025-43782

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the API...

CVSS 5.3 | EPSS 0.00234
Exploits: 0 | References: 1

OSV
added 2025/09/11 6:15 p.m. | 5 views

CVE-2025-43782

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the API...

CVSS 4.3 | AI score 6.7 | EPSS 0.00234
Exploits: 0 | References: 1