4563 matches found
CVE-2022-42435
IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...
PT-2025-54: Business Logic Errors in FreeScout
The vulnerability was identified in FreeScout , versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed ...
PT-2025-56: Business Logic Errors in FreeScout
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to skip a required workflow step and still obtain the functional capability. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 23.05.2025...
PT-2025-50: Business Logic Errors in FreeScout
The vulnerability was identified in FreeScout , versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed ...
PT-2025-52: Business Logic Errors in FreeScout
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed b...
CVE-2022-38167
The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS...
CVE-2022-46258
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability...
CVE-2021-21423
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
CVE-2021-42061
SAP BusinessObjects Business Intelligence Platform Web Intelligence - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify...
CVE-2021-2015
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Worklist. Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks...
CVE-2021-20773
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege...
CVE-2021-37549
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient...
CVE-2021-33333
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs...
CVE-2020-12283
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring...
CVE-2020-26173
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents PDF by providing a valid document ID and token. No further authentication is required...
CVE-2020-15823
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component...
CVE-2020-26172
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp...
CVE-2020-26175
In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users...
CVE-2020-1366
An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory, aka 'Windows Print Workflow Service Elevation of Privilege Vulnerability'...
CVE-2020-25210
In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants...