4566 matches found

Cvelist
added 2025/08/14 4:40 p.m. · 10 views

CVE-2025-55192 HomeAssistant-Tapo-Control Code Injection Vulnerability in issues.yml Workflow

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impac...

CVSS 8.6 · EPSS 0.0032 · Exploits 0 · References 3
Vulnrichment
added 2025/08/14 4:40 p.m. · 3 views

CVE-2025-55192 HomeAssistant-Tapo-Control Code Injection Vulnerability in issues.yml Workflow

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impac...

CVSS 8.6 · AI score 7.6 · EPSS 0.0032 · Exploits 0 · References 3
OSV
added 2025/08/14 4:40 p.m. · 6 views

CVE-2025-55192 HomeAssistant-Tapo-Control Code Injection Vulnerability in issues.yml Workflow

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impac...

CVSS 8.6 · AI score 7.4 · EPSS 0.0032 · Exploits 0 · References 5
Positive Technologies
added 2025/08/14 12:0 a.m. · 9 views

PT-2025-33340 · Unknown +2 · Homeassistant-Tapo-Control +3

Name of the Vulnerable Software and Affected Versions: HomeAssistant-Tapo-Control versions prior to commit 2a3b80f Description: HomeAssistant-Tapo-Control, a component offering control for Tapo cameras within Home Assistant, contained a code injection vulnerability in the GitHub Actions workflow...

CVSS 8.6 · AI score 7 · EPSS 0.0032 · Exploits 0 · References 8
Positive Technologies
added 2025/08/13 12:0 a.m. · 2 views

PT-2025-34541 · Github Actions · Boldestdungeon/Steam-Workshop-Deploy +1

Summary The steam-workshop-deploy github action does not exclude the .git directory when packaging content for deployment and provides no built-in way to do so. If a .git folder exists in the target directory e.g., due to a local Git repo, custom project structure, or via the actions/checkout...

CVSS 10 · AI score 7.3 · Exploits 0 · References 6
NVD
added 2025/08/12 6:15 p.m. · 3 views

CVE-2025-53133

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally...

CVSS 7.8 · EPSS 0.00327 · Exploits 0 · References 1
Cvelist
added 2025/08/12 5:10 p.m. · 6 views

CVE-2025-53133 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

...

CVSS 7.8 · EPSS 0.00327 · Exploits 0 · References 1
Vulnrichment
added 2025/08/12 5:10 p.m. · 2 views

CVE-2025-53133 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

...

CVSS 7.8 · AI score 7.2 · EPSS 0.00327 · Exploits 0 · References 1
vulnersOsv
added 2025/08/12 12:30 p.m. · 14 views

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +7655 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.77)

org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.4.0, =1.2.0, =1.2.0-alpha07, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2025.05.12.160240-6152e21 and more Source cves: CVE-2025-8885 Source...

CVSS 6.3 · AI score 6.7 · EPSS 0.00505 · Exploits 0
Packet Storm News
added 2025/08/10 12:0 a.m. · 22 views

Civil Servants As Builders: Enabling Non-IT Staff to Develop Secure Python and R Tools

Current digital government literature focuses on professional in-house IT teams, specialized digital service teams, vendor-developed systems, or proprietary low-code/no-code tools. Almost no scholarship addresses a growing middle ground: technically skilled civil servants outside formal IT roles...

AI score 7.2 · Exploits 0
IBM Security Bulletins
added 2025/08/09 12:18 p.m. · 7 views

Security Bulletin: Security vulnerability in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2025-54090)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

CVSS 6.3 · AI score 6.3 · EPSS 0.00691 · Exploits 0 · Affected Software 2
Fedora
added 2025/08/09 3:8 a.m. · 9 views

[SECURITY] Fedora 41 Update: incus-6.15-1.fc41

Container hypervisor based on LXC Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon...

CVSS 8.1 · AI score 7.3 · EPSS 0.00202 · Exploits 0
Fedora
added 2025/08/09 3:5 a.m. · 6 views

[SECURITY] Fedora 42 Update: incus-6.15-1.fc42

Container hypervisor based on LXC Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon...

CVSS 8.1 · AI score 7.3 · EPSS 0.00202 · Exploits 0
RedhatCVE
added 2025/08/09 12:23 a.m. · 7 views

CVE-2025-51533

An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...

CVSS 5.3 · AI score 6.6 · EPSS 0.00294 · Exploits 1 · References 1
IBM Security Bulletins
added 2025/08/06 5:36 p.m. · 5 views

Security Bulletin: Multiple vulnerability in IBM® SDK, Java™ and IBM® Semeru Runtime may affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow traditional requires IBM® SDK, Java™. IBM Business Automation Workflow containers package IBM® Semeru Runtime. Vulnerabilities for both variants of Java have been reported. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerabilit...

CVSS 7.8 · AI score 7.1 · EPSS 0.00688 · Exploits 0 · Affected Software 2
IBM Security Bulletins
added 2025/08/06 5:33 p.m. · 9 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-43204, CVE-2024-43394, CVE-2024-42516)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

AI score 6 · Exploits 0 · Affected Software 2
IBM Security Bulletins
added 2025/08/06 5:25 p.m. · 5 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow embedded Navigator - CVE-2024-38808

Summary IBM Business Automation Workflow embedded Navigator repackages a vulnerable copy of Spring. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring...

CVSS 4.3 · AI score 6.6 · EPSS 0.00536 · Exploits 0 · Affected Software 2
IBM Security Bulletins
added 2025/08/06 5:22 p.m. · 8 views

Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow - CVE-2025-33197

Summary IBM Business Automation Workflow is vulnerable to a Cross-Site scripting attack. Vulnerability Details CVEID:CVE-2025-33197 DESCRIPTION: IBM Business Automation Workflow, CP4BA is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary...

CVSS 5.5 · AI score 6.2 · EPSS 0.00143 · Exploits 0 · Affected Software 2
IBM Security Bulletins
added 2025/08/06 5:19 p.m. · 4 views

Security Bulletin: Security vulnerability in jetty may affect IBM Business Automation Workflow - CVE-2024-6763

Summary IBM Business Automation Workflow is vulnerable packages a vulnerable copy of eclipse jetty. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL...

CVSS 5.3 · AI score 6 · EPSS 0.00986 · Exploits 1 · Affected Software 2
IBM Security Bulletins
added 2025/08/06 5:16 p.m. · 7 views

Security Bulletin: Multiple vulnerabilities in embedded Navigator affect IBM Business Automation Workflow - CVE-2024-38808, CVE-2024-31141

Summary IBM Business Automation Workflow repackages a version of IBM Content Navigator, which in turn repackages a vulnerable version of the kafka-clients library. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...

CVSS 6.5 · AI score 7 · EPSS 0.01129 · Exploits 0 · Affected Software 2