4560 matches found

RedhatCVE
added 2025/05/23 9:7 a.m. | 5 views

CVE-2024-28793

IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVSS 5.4 | AI score 6.2 | EPSS 0.00327
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:36 a.m. | 3 views

CVE-2024-32872

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

CVSS 5.5 | AI score 6.8 | EPSS 0.00407
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:35 a.m. | 10 views

CVE-2024-25519

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wfworkprint.aspx...

CVSS 9.8 | AI score 8.4 | EPSS 0.00696
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:8 a.m. | 8 views

CVE-2024-25509

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sysfilestorageid parameter at /WorkFlow/wffiledownload.aspx...

CVSS 9.4 | AI score 9.7 | EPSS 0.00617
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:5 a.m. | 8 views

CVE-2024-51735

Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdow...

CVSS 8.7 | AI score 6 | EPSS 0.0044
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:19 a.m. | 6 views

CVE-2024-8263

An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. Thi...

CVSS 6.2 | AI score 7.1 | EPSS 0.00449
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:6 a.m. | 7 views

CVE-2024-47159

In JetBrains YouTrack before 2024.3.44799, a user without appropriate permissions could restore workflows attached to a project...

CVSS 4.3 | AI score 6.8 | EPSS 0.00334
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:25 a.m. | 6 views

CVE-2024-43188

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation...

CVSS 4.9 | AI score 6.5 | EPSS 0.00324
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:1 a.m. | 4 views

CVE-2023-28430

OneSignal is an email, SMS, push notification, and in-app message service for mobile apps. The Zapier.yml workflow is triggered on issues types: closed, i.e., when an Issue is closed. The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on...

CVSS 8.1 | AI score 7.1 | EPSS 0.00905
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 5:39 a.m. | 2 views

CVE-2023-26493

Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the web-interface-check.yml was subject to command injection. The web-interface-check.yml was triggered when a pull request was opened or updated and...

CVSS 8.8 | AI score 7.3 | EPSS 0.02907
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 5:11 a.m. | 7 views

CVE-2023-32339

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587...

CVSS 6.1 | AI score 6 | EPSS 0.0048
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:3 a.m. | 9 views

CVE-2023-36485

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...

CVSS 7.2 | AI score 6.9 | EPSS 0.00791
Exploits: 0

RedhatCVE
added 2025/05/23 2:49 a.m. | 4 views

CVE-2023-30628

Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.head_ref field. The github.head_ref value is an attacker-controlle...

CVSS 8.8 | AI score 7.5 | EPSS 0.03596
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 2:47 a.m. | 5 views

CVE-2023-30554

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sqlapi/apiworkflow.py endpoint ExecuteCheck which passes unfiltered...

CVSS 6.5 | AI score 8.1 | EPSS 0.00835
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 2:41 a.m. | 4 views

CVE-2023-30539

Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Serv...

CVSS 8.8 | AI score 6.7 | EPSS 0.00627
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:22 a.m. | 5 views

CVE-2023-34111

The Release PR Merged workflow in the GitHub repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the GitHub Action context due to the insecure usage of ${{ github.event.pull_request.title }} in a bash command within the GitHub...

CVSS 9.8 | AI score 8.4 | EPSS 0.04049
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 1:54 a.m. | 7 views

CVE-2023-24957

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...

CVSS 5.4 | AI score 6 | EPSS 0.00371
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 12:43 a.m. | 10 views

CVE-2022-42435

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...

CVSS 8.8 | AI score 6.7 | EPSS 0.00257
Exploits: 0 | References: 1

Positive Technologies
added 2025/05/23 12:0 a.m. | 9 views

PT-2025-54: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed ...

CVSS 7 | AI score 5.8 | EPSS 0.0027
Exploits: 1 | References: 1

Positive Technologies
added 2025/05/23 12:0 a.m. | 7 views

PT-2025-56: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to skip a required workflow step and still obtain the functional capability. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 23.05.2025...

CVSS 5.3 | AI score 5.8 | EPSS 0.00287
Exploits: 1 | References: 1