4572 matches found
Coolify 安全漏洞
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in versions prior to Coolify v4.0.0-beta.420.7, which stems from a remote code execution in the project deployment workflow that could lead to full control of the...
Coolify 安全漏洞
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in versions prior to Coolify v4.0.0-beta.420.6, which stems from a remote code execution in the application deployment workflow that could result in gaining root...
CVE-2025-55526
n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the downloadworkflow function within apiserver.py...
LLMs in the SOC: an Empirical Study of Human-AI Collaboration in Security Operations Centres
The integration of Large Language Models LLMs into Security Operations Centres SOCs presents a transformative, yet still evolving, opportunity to reduce analyst workload through human-AI collaboration. However, their real-world application in SOCs remains underexplored. To address this gap, we...
PT-2025-34765 · Unknown · N8N-Workflows
Name of the Vulnerable Software and Affected Versions: n8n-workflows affected versions not specified Description: The software contains a directory traversal flaw within the download workflow function located in the api server.py file. This allows attackers to potentially access and manipulate...
CVE-2025-43764
Self-ReDoS Regular expression Denial of Service exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20...
CVE-2025-9391
A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made...
CVE-2025-9391
A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made...
CVE-2025-9391
Vulnerability CVE-2025-9391 affects Bjskzy Zhiyou ERP (versions up to 11.x). The flaw is in com.artery.workflow.ServiceImpl.getFieldValue, where improper handling of the sql argument enables SQL injection. Exploitation can be remote and publicly available PoCs are reported. Affected products and ...
CVE-2025-8450
Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...
CVE-2025-50503
The CVE-2025-50503 entry concerns Touch Lebanon Mobile App 2.20.2, where a flaw in the password reset workflow enables bypassing the OTP mechanism, potentially allowing an unauthorized user to reset a password and access an account without a legitimate authentication factor. The incident is descr...
CVE-2025-8450
Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...
CVE-2025-8450
The CVE-2025-8450 entry concerns Fortra FileCatalyst Workflow. The vulnerability arises from an Improper Access Control issue in the Workflow component that allows unauthenticated users to upload arbitrary files via the order forms page. Documents consistently identify this as an unrestricted fil...
CVE-2025-8450 Unrestricted File Upload in FileCatalyst
Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...
PT-2025-33750 · N8N · N8N
Name of the Vulnerable Software and Affected Versions: n8n versions 1.77.0 through 1.98.1 Description: n8n is a workflow automation platform. A stored Cross-Site Scripting XSS vulnerability exists in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML vi...
PT-2025-33838 · Fortra · Fortra Filecatalyst
Name of the Vulnerable Software and Affected Versions: Fortra FileCatalyst versions affected versions not specified Description: An improper access control issue exists in the Workflow component of Fortra FileCatalyst. This allows unauthenticated users to upload arbitrary files via the order form...
Fortra FileCatalyst Workflow 安全漏洞
Fortra FileCatalyst Workflow is a file transfer management component from US-based Fortra. A security vulnerability exists in Fortra FileCatalyst Workflow that stems from improper access control and could allow an unauthenticated user to upload arbitrary files...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-33142)
Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security...
CVE-2025-55192
HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impac...
Malicious code in actions-workflow-tools (npm)
The package actions-workflow-tools was found to contain malicious code...