
4576 matches found

IBM Security Bulletins
added 2025/08/09 12:18 p.m. | 7 views

Security Bulletin: Security vulnerability in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2025-54090)

Summary: WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

CVSS 6.3 | AI score 6.3 | EPSS 0.00691
Exploits: 0 | Affected Software: 2
Fedora
added 2025/08/09 3:8 a.m. | 9 views

[SECURITY] Fedora 41 Update: incus-6.15-1.fc41

Container hypervisor based on LXC. Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon...

CVSS 8.1 | AI score 7.3 | EPSS 0.00202
Exploits: 0
Fedora
added 2025/08/09 3:5 a.m. | 6 views

[SECURITY] Fedora 42 Update: incus-6.15-1.fc42

Container hypervisor based on LXC. Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon...

CVSS 8.1 | AI score 7.3 | EPSS 0.00202
Exploits: 0
RedhatCVE
added 2025/08/09 12:23 a.m. | 7 views

CVE-2025-51533

An Insecure Direct Object Reference (IDOR) in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...

CVSS 5.3 | AI score 6.6 | EPSS 0.00294
Exploits: 1 | References: 1
IBM Security Bulletins
added 2025/08/06 5:36 p.m. | 5 views

Security Bulletin: Multiple vulnerability in IBM® SDK, Java™ and IBM® Semeru Runtime may affect IBM Business Automation Workflow

Summary: IBM Business Automation Workflow traditional requires IBM® SDK, Java™. IBM Business Automation Workflow containers package IBM® Semeru Runtime. Vulnerabilities for both variants of Java have been reported. Vulnerability Details: CVEID: CVE-2025-21587 DESCRIPTION: An unspecified vulnerabilit...

CVSS 7.8 | AI score 7.1 | EPSS 0.00688
Exploits: 0 | Affected Software: 2
IBM Security Bulletins
added 2025/08/06 5:33 p.m. | 9 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-43204, CVE-2024-43394, CVE-2024-42516)

Summary: WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

AI score 6
Exploits: 0 | Affected Software: 2
IBM Security Bulletins
added 2025/08/06 5:25 p.m. | 5 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow embedded Navigator - CVE-2024-38808

Summary: IBM Business Automation Workflow embedded Navigator repackages a vulnerable copy of Spring. Vulnerability Details: CVEID: CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring...

CVSS 4.3 | AI score 6.6 | EPSS 0.00536
Exploits: 0 | Affected Software: 2
IBM Security Bulletins
added 2025/08/06 5:22 p.m. | 8 views

Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow - CVE-2025-33197

Summary: IBM Business Automation Workflow is vulnerable to a Cross-Site scripting attack. Vulnerability Details: CVEID: CVE-2025-33197 DESCRIPTION: IBM Business Automation Workflow, CP4BA is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary...

CVSS 5.5 | AI score 6.2 | EPSS 0.00143
Exploits: 0 | Affected Software: 2
IBM Security Bulletins
added 2025/08/06 5:19 p.m. | 4 views

Security Bulletin: Security vulnerability in jetty may affect IBM Business Automation Workflow - CVE-2024-6763

Summary: IBM Business Automation Workflow packages a vulnerable copy of Eclipse Jetty. Vulnerability Details: CVEID: CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL...

CVSS 5.3 | AI score 6 | EPSS 0.00986
Exploits: 1 | Affected Software: 2
IBM Security Bulletins
added 2025/08/06 5:16 p.m. | 7 views

Security Bulletin: Multiple vulnerabilities in embedded Navigator affect IBM Business Automation Workflow - CVE-2024-38808, CVE-2024-31141

Summary: IBM Business Automation Workflow repackages a version of IBM Content Navigator, which in turn repackages a vulnerable version of the kafka-clients library. Vulnerability Details: CVEID: CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...

CVSS 6.5 | AI score 7 | EPSS 0.01129
Exploits: 0 | Affected Software: 2
IBM Security Bulletins
added 2025/08/06 5:12 p.m. | 4 views

Security Bulletin: Multiple security vulnerabilities in WebSphere Liberty may affect IBM Business Automation Workflow - CVE-2025-25193, CVE-2025-23184

Summary: IBM Business Automation Workflow traditional includes optional components running on WebSphere Liberty: User Management Service and Process Federation Service. IBM Business Automation Workflow on Containers builds upon WebSphere Liberty. Multiple security vulnerabilities have been reported...

CVSS 7.5 | AI score 6.9 | EPSS 0.01941
Exploits: 0 | Affected Software: 2
IBM Security Bulletins
added 2025/08/06 5:10 p.m. | 7 views

Security Bulletin: Cross Site Scripting vulnerabilities may affect IBM Business Automation Workflow - CVE-2024-47875, CVE-2024-48910

Summary: IBM Business Automation Workflow packages a vulnerable copy of DOMPurify. Vulnerability Details: CVEID: CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability i...

CVSS 10 | AI score 8.7 | EPSS 0.01176
Exploits: 4 | Affected Software: 2
IBM Security Bulletins
added 2025/08/06 3:40 p.m. | 9 views

Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF006

Summary: In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF006 addresses the following vulnerabilities. Vulnerability Details: CVEID: CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Request...

CVSS 9.1 | AI score 7.4 | EPSS 0.01479
Exploits: 5 | Affected Software: 1
Vulnrichment
added 2025/08/05 11:31 p.m. | 3 views

CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the .github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pull_request_target event trigger, which allowed for untrusted code from a forked pull request to...

CVSS 9.1 | AI score 6.6 | EPSS 0.00432
Exploits: 0 | References: 3
Rapid7 Blog
added 2025/08/05 7:8 p.m. | 5 views

Introducing: The Metasploit Pro AD CS Metamodule

Introducing the AD CS Workflows MetaModule: Now Generally Available in Metasploit Pro. We're excited to announce that the AD CS Workflows MetaModule has officially moved from early access to general availability in Metasploit Pro! This powerful new feature represents a significant advancement in...

AI score 7.3
Exploits: 0
GithubExploit
added 2025/08/05 4:43 p.m. | 273 views

Exploit for CVE-2024-32019

CVE-2024-32019-POC Netdata ndsudo local privilege escalation w...

CVSS 8.8 | AI score 9.4 | EPSS 0.01174
Exploits: 15
Talos Blog
added 2025/07/31 10:0 a.m. | 12 views

Using LLMs as a reverse engineering sidekick

This research explores how large language models (LLMs) can complement, rather than replace, the efforts of malware analysts in the complex field of reverse engineering. LLMs may serve as powerful assistants to streamline workflows, enhance efficiency, and provide actionable insights during malware...

AI score 7.6
Exploits: 0
CNNVD
added 2025/07/31 12:0 a.m. | 2 views

HPE Telco Service Activator Security Vulnerability

HPE Telco Service Activator is a workflow automation platform that enables automated service turn-up from HPE America. A security vulnerability exists in HPE Telco Service Activator that stems from vulnerability to cross-site scripting attacks...

CVSS 3.5 | AI score 6.1 | EPSS 0.00192
Exploits: 0 | References: 2
CNNVD
added 2025/07/31 12:0 a.m. | 3 views

HPE Telco Service Activator Security Vulnerability

HPE Telco Service Activator is a workflow automation platform that enables automated service turn-up from HPE America. A security vulnerability exists in HPE Telco Service Activator that stems from vulnerability to cross-site scripting attacks...

CVSS 3.5 | AI score 6.1 | EPSS 0.00192
Exploits: 0 | References: 2
GithubExploit
added 2025/07/30 2:59 p.m. | 215 views

Exploit for CVE-2025-54769

CVE-2025-54769 – LPAR2RRD RCE Description : This rep...

CVSS 8.8 | AI score 9.9 | EPSS 0.03038
Exploits: 4