
4572 matches found

CNNVD
added 2025/08/27 12:0 a.m. · 4 views

Coolify security vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in versions prior to Coolify v4.0.0-beta.420.7, which stems from a remote code execution in the project deployment workflow that could lead to full control of the...

9.4 CVSS · 7.6 AI score · 0.03691 EPSS
Exploits 3 · References 4
CNNVD
added 2025/08/27 12:0 a.m. · 4 views

Coolify security vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in versions prior to Coolify v4.0.0-beta.420.6, which stems from a remote code execution in the application deployment workflow that could result in gaining root...

9.4 CVSS · 7.7 AI score · 0.00919 EPSS
Exploits 2 · References 4
NVD
added 2025/08/26 2:15 p.m. · 6 views

CVE-2025-55526

n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the downloadworkflow function within apiserver.py...

9.1 CVSS · 0.00761 EPSS
Exploits 1 · References 1
Packet Storm News
added 2025/08/26 12:0 a.m. · 35 views

LLMs in the SOC: an Empirical Study of Human-AI Collaboration in Security Operations Centres

The integration of Large Language Models (LLMs) into Security Operations Centres (SOCs) presents a transformative, yet still evolving, opportunity to reduce analyst workload through human-AI collaboration. However, their real-world application in SOCs remains underexplored. To address this gap, we...

6.7 AI score
Exploits 0
Positive Technologies
added 2025/08/26 12:0 a.m. · 8 views

PT-2025-34765 · Unknown · N8N-Workflows

Name of the Vulnerable Software and Affected Versions: n8n-workflows affected versions not specified Description: The software contains a directory traversal flaw within the download workflow function located in the api server.py file. This allows attackers to potentially access and manipulate...

9.1 CVSS · 6.1 AI score · 0.00761 EPSS
Exploits 1 · References 4
RedhatCVE
added 2025/08/25 5:32 a.m. · 4 views

CVE-2025-43764

Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20...

6.9 CVSS · 6.9 AI score · 0.00289 EPSS
Exploits 0 · References 1
NVD
added 2025/08/24 3:15 p.m. · 5 views

CVE-2025-9391

A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made...

9.8 CVSS · 0.00377 EPSS
Exploits 1 · References 5
OSV
added 2025/08/24 3:15 p.m. · 5 views

CVE-2025-9391

A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made...

9.8 CVSS · 5.6 AI score · 0.00377 EPSS
Exploits 1 · References 5
CVE
added 2025/08/24 2:32 p.m. · 20 views

CVE-2025-9391

Vulnerability CVE-2025-9391 affects Bjskzy Zhiyou ERP (versions up to 11.x). The flaw is in com.artery.workflow.ServiceImpl.getFieldValue, where improper handling of the sql argument enables SQL injection. Exploitation can be remote and publicly available PoCs are reported. Affected products and ...

9.8 CVSS · 6.6 AI score · 0.00377 EPSS
Exploits 1 · References 5 · Affected Software 1
RedhatCVE
added 2025/08/21 6:20 p.m. · 13 views

CVE-2025-8450

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

8.2 CVSS · 7.4 AI score · 0.0026 EPSS
Exploits 0 · References 1
CVE
added 2025/08/20 12:0 a.m. · 18 views

CVE-2025-50503

The CVE-2025-50503 entry concerns Touch Lebanon Mobile App 2.20.2, where a flaw in the password reset workflow enables bypassing the OTP mechanism, potentially allowing an unauthorized user to reset a password and access an account without a legitimate authentication factor. The incident is descr...

8.8 CVSS · 7.7 AI score · 0.00339 EPSS
Exploits 0 · References 2
NVD
added 2025/08/19 6:15 p.m. · 7 views

CVE-2025-8450

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

8.2 CVSS · 0.0026 EPSS
Exploits 0 · References 1
CVE
added 2025/08/19 6:1 p.m. · 34 views

CVE-2025-8450

The CVE-2025-8450 entry concerns Fortra FileCatalyst Workflow. The vulnerability arises from an Improper Access Control issue in the Workflow component that allows unauthenticated users to upload arbitrary files via the order forms page. Documents consistently identify this as an unrestricted fil...

8.2 CVSS · 7.3 AI score · 0.0026 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/08/19 6:1 p.m. · 5 views

CVE-2025-8450 Unrestricted File Upload in FileCatalyst

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

8.2 CVSS · 7.3 AI score · 0.0026 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/19 12:0 a.m. · 7 views

PT-2025-33750 · N8N · N8N

Name of the Vulnerable Software and Affected Versions: n8n versions 1.77.0 through 1.98.1 Description: n8n is a workflow automation platform. A stored Cross-Site Scripting (XSS) vulnerability exists in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML vi...

8.7 CVSS · 5.9 AI score · 0.00347 EPSS
Exploits 0 · References 11
Positive Technologies
added 2025/08/19 12:0 a.m. · 7 views

PT-2025-33838 · Fortra · Fortra Filecatalyst

Name of the Vulnerable Software and Affected Versions: Fortra FileCatalyst versions affected versions not specified Description: An improper access control issue exists in the Workflow component of Fortra FileCatalyst. This allows unauthenticated users to upload arbitrary files via the order form...

8.2 CVSS · 7.1 AI score · 0.0026 EPSS
Exploits 0 · References 6
CNNVD
added 2025/08/19 12:0 a.m. · 5 views

Fortra FileCatalyst Workflow security vulnerability

Fortra FileCatalyst Workflow is a file transfer management component from US-based Fortra. A security vulnerability exists in Fortra FileCatalyst Workflow that stems from improper access control and could allow an unauthenticated user to upload arbitrary files...

8.2 CVSS · 7 AI score · 0.0026 EPSS
Exploits 0 · References 4
IBM Security Bulletins
added 2025/08/18 12:24 p.m. · 7 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2025-33142)

Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security...

7.5 CVSS · 6.7 AI score · 0.00252 EPSS
Exploits 0 · Affected Software 2
RedhatCVE
added 2025/08/16 5:25 p.m. · 11 views

CVE-2025-55192

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impac...

8.6 CVSS · 7.7 AI score · 0.0032 EPSS
Exploits 0 · References 1
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 4 views

Malicious code in actions-workflow-tools (npm)

The package actions-workflow-tools was found to contain malicious code...

7 AI score
Exploits 0