4572 matches found

Microsoft KB
added 2025/09/09 7:0 a.m., 10 views

Description of the security update for SharePoint Server Subscription Edition: September 09, 2025 (KB5002784)

Description of the security update for SharePoint Server Subscription Edition: September 09, 2025 KB5002784 Summary Important: Prior to installing this Cumulative Update, if you're running the 2013 Style Workflows, you must install the August 2025 patch for SharePoint Workflow manager to your Far...

8.8 CVSS, 7.6 AI score, 0.18084 EPSS
Exploits: 0

Microsoft KB
added 2025/09/09 7:0 a.m., 9 views

Description of the security update for SharePoint Server 2019: September 09, 2025 (KB5002775)

Description of the security update for SharePoint Server 2019: September 09, 2025 KB5002775 Summary Important: Prior to installing this Cumulative Update, if you're running the 2013 Style Workflows, you must install the August 2025 patch for SharePoint Workflow manager to your Farm...

8.8 CVSS, 7.2 AI score, 0.18084 EPSS
Exploits: 0

Microsoft KB
added 2025/09/09 7:0 a.m., 11 views

Description of the security update for SharePoint Server 2016: September 09, 2025 (KB5002778)

Description of the security update for SharePoint Server 2016: September 09, 2025 KB5002778 Summary Important: Prior to installing this Cumulative Update, if you're running the 2013 Style Workflows, you must install the August 2025 patch for SharePoint Workflow manager to your Farm. If...

8.8 CVSS, 7.1 AI score, 0.18084 EPSS
Exploits: 0

Microsoft KB
added 2025/09/09 7:0 a.m., 11 views

Description of the security update for SharePoint Server 2016 Language Pack: September 09, 2025 (KB5002777)

Description of the security update for SharePoint Server 2016 Language Pack: September 09, 2025 KB5002777 Summary Important: Prior to installing this Cumulative Update, if you're running the 2013 Style Workflows, you must install the August 2025 patch for SharePoint Workflow manager to you...

7.1 CVSS, 6 AI score, 0.00584 EPSS
Exploits: 0

Microsoft KB
added 2025/09/09 7:0 a.m., 10 views

Description of the security update for SharePoint Server 2019 Language Pack: September 09, 2025 (KB5002774)

Description of the security update for SharePoint Server 2019 Language Pack: September 09, 2025 KB5002774 Summary Important: Prior to installing this Cumulative Update, if you're running the 2013 Style Workflows, you must install the August 2025 patch for SharePoint Workflow manager to you...

7.1 CVSS, 6 AI score, 0.00584 EPSS
Exploits: 0

OSV
added 2025/09/09 5:40 a.m., 3 views

BIT-JUPYTERLAB-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action

JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...

9.9 CVSS, 7.1 AI score, 0.01024 EPSS
Exploits: 3, References: 3

Snyk
added 2025/09/08 6:31 p.m., 1 view

Arbitrary File Upload

Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Arbitrary File Upload via the ChatTrigger component. An attacker can execute arbitrary code by uploading a crafted HTML file. Remediation: Upgrade n8n-workflow to version 1.104.0 or higher...

8.8 CVSS, 7.4 AI score, 0.00557 EPSS
Exploits: 1, References: 3

RedhatCVE
added 2025/09/07 11:13 p.m., 17 views

CVE-2025-58371

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner...

9.9 CVSS, 8 AI score, 0.0075 EPSS
Exploits: 0, References: 1

Packet Storm News
added 2025/09/06 12:0 a.m., 5 views

Exploit Tool Invocation Prompt for Tool Behavior Hijacking in LLM-Based Agentic System

LLM-based agentic systems leverage large language models to handle user queries, make decisions, and execute external tools for complex tasks across domains like chatbots, customer service, and software engineering. A critical component of these systems is the Tool Invocation Prompt (TIP), which...

8.2 AI score
Exploits: 0

NVD
added 2025/09/05 11:15 p.m., 4 views

CVE-2025-58371

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner...

9.9 CVSS, 0.0075 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/09/05 10:42 p.m., 7 views

CVE-2025-58371 Roo Code is vulnerable to command injection via GitHub actions workflow

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner...

9.9 CVSS, 0.0075 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/09/05 9:16 a.m., 7 views

CVE-2024-13065

Improper Enforcement of Behavioral Workflow, Uncontrolled Resource Consumption vulnerability in Akinsoft MyRezzta allows Input Data Manipulation, CAPEC - 125 - Flooding. This issue affects MyRezzta: from s2.02.02 before v2.05.01...

6.3 CVSS, 6.9 AI score, 0.00183 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/09/05 12:0 a.m., 4 views

PT-2025-36339

Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.26.6 and below. Description: Roo Code is an AI-powered autonomous coding agent. A GitHub workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to achieve Remote Code Execution (RCE) on...

9.9 CVSS, 7.4 AI score, 0.0075 EPSS
Exploits: 0, References: 11

CNVD
added 2025/09/05 12:0 a.m., 4 views

Unspecified Vulnerability in Akinsoft MyRezzta

Aiseesoft is a technology company specializing in software development. Akinsoft MyRezzta has a security vulnerability that stems from improper execution of behavioral workflows and uncontrolled consumption of resources. No details of the vulnerability are provided at this time...

6.3 CVSS, 7 AI score, 0.00183 EPSS
Exploits: 0, References: 1

OSV
added 2025/09/04 2:7 p.m., 2 views

GHSA-VXMW-7H4F-HQXH PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps

Summary gh-action-pypi-publish makes use of GitHub Actions expression expansions (i.e. `${{ ... }}`) in contexts that are potentially attacker controllable. Depending on the trigger used to invoke gh-action-pypi-publish, this may allow an attacker to execute arbitrary code within the context of a workflow...

7.6 AI score
Exploits: 0, References: 3

Github Security Blog
added 2025/09/04 2:7 p.m., 6 views

PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps

Summary gh-action-pypi-publish makes use of GitHub Actions expression expansions (i.e. `${{ ... }}`) in contexts that are potentially attacker controllable. Depending on the trigger used to invoke gh-action-pypi-publish, this may allow an attacker to execute arbitrary code within the context of a workflow...

7.6 AI score
Exploits: 0, References: 3, Affected Software: 1

IBM Security Bulletins
added 2025/09/04 9:2 a.m., 13 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Following IBM® Engineering...

7.5 CVSS, 7.6 AI score, 0.63258 EPSS
Exploits: 1, Affected Software: 1

NVD
added 2025/09/03 9:15 a.m., 4 views

CVE-2024-13065

Improper Enforcement of Behavioral Workflow, Uncontrolled Resource Consumption vulnerability in Akinsoft MyRezzta allows Input Data Manipulation, CAPEC - 125 - Flooding. This issue affects MyRezzta: from s2.02.02 before v2.05.01...

6.3 CVSS, 0.00183 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2025/09/03 8:48 a.m., 5 views

CVE-2024-13065

Improper Enforcement of Behavioral Workflow, Uncontrolled Resource Consumption vulnerability in Akinsoft MyRezzta allows Input Data Manipulation, CAPEC - 125 - Flooding. This issue affects MyRezzta: from s2.02.02 before v2.05.01...

6.3 CVSS, 5.8 AI score, 0.00183 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2025/09/03 8:48 a.m., 4 views

CVE-2024-13065 Business Logic Error in Akinsoft's MyRezzta

Improper Enforcement of Behavioral Workflow, Uncontrolled Resource Consumption vulnerability in Akinsoft MyRezzta allows Input Data Manipulation, CAPEC - 125 - Flooding. This issue affects MyRezzta: from s2.02.02 before v2.05.01...

6.3 CVSS, 5.8 AI score, 0.00183 EPSS
Exploits: 0, References: 2