4576 matches found
Security Bulletin: Security vulnerability in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2025-54090)
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
[SECURITY] Fedora 41 Update: incus-6.15-1.fc41
Container hypervisor based on LXC Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon...
[SECURITY] Fedora 42 Update: incus-6.15-1.fc42
Container hypervisor based on LXC Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon...
CVE-2025-51533
An Insecure Direct Object Reference (IDOR) in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
Security Bulletin: Multiple vulnerability in IBM® SDK, Java™ and IBM® Semeru Runtime may affect IBM Business Automation Workflow
Summary IBM Business Automation Workflow traditional requires IBM® SDK, Java™. IBM Business Automation Workflow containers package IBM® Semeru Runtime. Vulnerabilities for both variants of Java have been reported. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerabilit...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-43204, CVE-2024-43394, CVE-2024-42516)
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow embedded Navigator - CVE-2024-38808
Summary IBM Business Automation Workflow embedded Navigator repackages a vulnerable copy of Spring. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring...
Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow - CVE-2025-33197
Summary IBM Business Automation Workflow is vulnerable to a Cross-Site scripting attack. Vulnerability Details CVEID:CVE-2025-33197 DESCRIPTION: IBM Business Automation Workflow, CP4BA is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary...
Security Bulletin: Security vulnerability in jetty may affect IBM Business Automation Workflow - CVE-2024-6763
Summary IBM Business Automation Workflow packages a vulnerable copy of Eclipse Jetty. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL...
Security Bulletin: Multiple vulnerabilities in embedded Navigator affect IBM Business Automation Workflow - CVE-2024-38808, CVE-2024-31141
Summary IBM Business Automation Workflow repackages a version of IBM Content Navigator, which in turn repackages a vulnerable version of the kafka-clients library. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...
Security Bulletin: Multiple security vulnerabilities in WebSphere Liberty may affect IBM Business Automation Workflow - CVE-2025-25193, CVE-2025-23184
Summary IBM Business Automation Workflow traditional includes optional components running on WebSphere Liberty: User Management Service and Process Federation Service. IBM Business Automation Workflow on Containers builds upon WebSphere Liberty. Multiple security vulnerabilities have been reported...
Security Bulletin: Cross Site Scripting vulnerabilities may affect IBM Business Automation Workflow - CVE-2024-47875, CVE-2024-48910
Summary IBM Business Automation Workflow packages a vulnerable copy of DOMPurify. Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability i...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF006
Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF006 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Request...
CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration
react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the .github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pull_request_target event trigger, which allowed for untrusted code from a forked pull request to...
Introducing: The Metasploit Pro AD CS Metamodule
Introducing the AD CS Workflows MetaModule: Now Generally Available in Metasploit Pro We're excited to announce that the AD CS Workflows MetaModule has officially moved from early access to general availability in Metasploit Pro! This powerful new feature represents a significant advancement in...
Exploit for CVE-2024-32019
CVE-2024-32019-POC Netdata ndsudo local privilege escalation w...
Using LLMs as a reverse engineering sidekick
This research explores how large language models (LLMs) can complement, rather than replace, the efforts of malware analysts in the complex field of reverse engineering. LLMs may serve as powerful assistants to streamline workflows, enhance efficiency, and provide actionable insights during malware...
HPE Telco Service Activator security vulnerability
HPE Telco Service Activator is a workflow automation platform that enables automated service turn-up from HPE America. A security vulnerability exists in HPE Telco Service Activator that stems from vulnerability to cross-site scripting attacks...
HPE Telco Service Activator security vulnerability
HPE Telco Service Activator is a workflow automation platform that enables automated service turn-up from HPE America. A security vulnerability exists in HPE Telco Service Activator that stems from vulnerability to cross-site scripting attacks...
Exploit for CVE-2025-54769
CVE-2025-54769 – LPAR2RRD RCE Description : This rep...