
4563 matches found

PyPA
added 2025/06/17 7:15 a.m., 8 views

PYSEC-2025-64

A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function createworkflow of the file pythona2a/agentflow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommend...

9.8 CVSS, 6.8 AI score, 0.0071 EPSS
Exploits 1, References 12, Affected Software 1
CNNVD
added 2025/06/17 12:0 a.m., 5 views

Python A2A Path Traversal Vulnerability

Python A2A is a functional Python library by the individual developer Manoj Desai for implementing Google's A2A protocol. A security vulnerability exists in Python A2A version 0.5.5 and earlier, which stems from a path traversal issue in the function createworkflow in the file...

9.8 CVSS, 5.4 AI score, 0.0071 EPSS
Exploits 1, References 8
AstraLinux
added 2025/06/16 11:28 a.m., 1 view

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/xe/userptr: fixed handling of EFAULT errors. Currently, we treat EFAULT errors from hmm_range_fault as non-fatal errors when called from xe_vm_userptr_pin. This is done on the assumption that the user has only performed an unmap...

5.5 CVSS, 6.1 AI score, 0.00187 EPSS
Exploits 0, References 3
Fedora
added 2025/06/13 1:34 a.m., 9 views

[SECURITY] Fedora 41 Update: gh-2.74.0-1.fc41

A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform various actions right from the command line, eliminating the need to...

9.8 CVSS, 7.4 AI score, 0.00429 EPSS
Exploits 0
Fedora
added 2025/06/13 1:3 a.m., 7 views

[SECURITY] Fedora 42 Update: gh-2.74.0-1.fc42

A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform various actions right from the command line, eliminating the need to...

9.8 CVSS, 7.4 AI score, 0.00429 EPSS
Exploits 0
RedhatCVE
added 2025/06/11 1:21 p.m., 5 views

CVE-2025-49013

WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of ${{ github.event.review.body }} and other user controlled variables directly inside shell script contexts in GitHub...

9.9 CVSS, 10 AI score, 0.00636 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/06/09 12:47 p.m., 8 views

CVE-2025-49013 WilderForge vulnerable to code Injection via GitHub Actions Workflows

WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of ${{ github.event.review.body }} and other user controlled variables directly inside shell script contexts in GitHub...

9.9 CVSS, 10 AI score, 0.00636 EPSS
Exploits 0, References 5
Cvelist
added 2025/06/09 12:47 p.m., 23 views

CVE-2025-49013 WilderForge vulnerable to code Injection via GitHub Actions Workflows

WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of ${{ github.event.review.body }} and other user controlled variables directly inside shell script contexts in GitHub...

9.9 CVSS, 0.00636 EPSS
Exploits 0, References 5
OSV
added 2025/06/09 12:47 p.m., 3 views

CVE-2025-49013 WilderForge vulnerable to code Injection via GitHub Actions Workflows

WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of ${{ github.event.review.body }} and other user controlled variables directly inside shell script contexts in GitHub...

9.9 CVSS, 8.3 AI score, 0.00636 EPSS
Exploits 0, References 5
RedhatCVE
added 2025/06/09 12:1 a.m., 10 views

CVE-2025-49619

Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...

8.5 CVSS, 8.7 AI score, 0.13746 EPSS
Exploits 6, References 1
Snyk
added 2025/06/07 2:41 p.m., 2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the formatblockparametertemplatefromworkflowruncontext function in the block.py file. An attacker can access sensitive information by exploiting the Jinja runtime...

8.5 CVSS, 6.7 AI score, 0.13746 EPSS
Exploits 6, References 2
Tenable Nessus
added 2025/06/05 12:0 a.m., 9 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2025:8609)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8609 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...

7.5 CVSS, 7.3 AI score, 0.00748 EPSS
Exploits 0, References 5
IBM Security Bulletins
added 2025/06/04 9:15 a.m., 25 views

Security Bulletin: Vulnerability in jjwt may affect IBM Business Automation Workflow - CVE-2024-31033

Summary IBM Business Automation Workflow packages a vulnerable copy of jjwt. Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka Java JWT has an unknown impact and attack vector. CVSS Base score: 6.8 CVSS Temporal Score:...

6.8 CVSS, 6.6 AI score, 0.00776 EPSS
Exploits 0, Affected Software 2
IBM Security Bulletins
added 2025/06/03 9:19 a.m., 5 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM Business Automation Workflow due to the April 2025 CPU

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

6.8 AI score
Exploits 0, Affected Software 2
IBM Security Bulletins
added 2025/05/29 3:54 p.m., 22 views

Security Bulletin: Multiple vulnerabilities in eclipse jetty may affect IBM Business Automation Workflow Case Configuration tool

Summary IBM Business Automation Workflow Case configuration tool packages vulnerable versions of the eclipse jetty open source library. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a fl...

9.8 CVSS, 6.9 AI score, 0.7848 EPSS
Exploits 2, Affected Software 2
IBM Security Bulletins
added 2025/05/25 5:53 p.m., 14 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2025-33104)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

7.6 CVSS, 6 AI score, 0.00192 EPSS
Exploits 0, Affected Software 2
Snyk
added 2025/05/23 4:45 p.m., 2 views

Improper Enforcement of Behavioral Workflow

Overview DotNetNuke.SiteExportImport is a package containing components required for developing extensions to utilize site export/import features of DotNetNuke. Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow via the site import feature. A...

4.6 CVSS, 6.8 AI score, 0.00214 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/05/23 11:38 a.m., 6 views

CVE-2025-21541

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Admin Screens and Grants UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow...

5.4 CVSS, 5.8 AI score, 0.00263 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/23 11:35 a.m., 5 views

CVE-2025-0058

In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the...

6.5 CVSS, 6.2 AI score, 0.00324 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/23 10:37 a.m., 4 views

CVE-2024-52814

Argo Helm is a collection of community maintained charts for argoproj.github.io projects. Prior to version 0.45.0, the workflow-role lacks granularity in its privileges, giving permissions to workflowtasksets and workflowartifactgctasks to all workflow Pods, when only certain types of Pods create...

2.8 CVSS, 6.9 AI score, 0.00176 EPSS
Exploits 0, References 1