Lucene search

4563 matches found

RedhatCVE
added 2025/05/23 12:43 a.m. | 10 views

CVE-2022-42435

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...

CVSS 8.8 | AI score 6.7 | EPSS 0.00257
Exploits 0 | References 1

Positive Technologies
added 2025/05/23 12:0 a.m. | 9 views

PT-2025-54: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed ...

CVSS 7 | AI score 5.8 | EPSS 0.0027
Exploits 1 | References 1

Positive Technologies
added 2025/05/23 12:0 a.m. | 7 views

PT-2025-56: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to skip a required workflow step and still obtain the functional capability. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 23.05.2025...

CVSS 5.3 | AI score 5.8 | EPSS 0.00287
Exploits 1 | References 1

Positive Technologies
added 2025/05/23 12:0 a.m. | 8 views

PT-2025-50: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00448
Exploits 1 | References 1

Positive Technologies
added 2025/05/23 12:0 a.m. | 11 views

PT-2025-52: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed b...

CVSS 7 | AI score 5.8 | EPSS 0.00393
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 11:17 p.m. | 4 views

CVE-2022-38167

The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS...

CVSS 6.1 | AI score 7 | EPSS 0.00357
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 9:48 p.m. | 7 views

CVE-2022-46258

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability...

CVSS 6.5 | AI score 6.6 | EPSS 0.0056
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 9:31 p.m. | 9 views

CVE-2021-21423

projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...

CVSS 8.1 | AI score 7.3 | EPSS 0.01381
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 9:5 p.m. | 10 views

CVE-2021-42061

SAP BusinessObjects Business Intelligence Platform Web Intelligence - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify...

CVSS 5.4 | AI score 5.8 | EPSS 0.00455
Exploits 0

RedhatCVE
added 2025/05/22 9:2 p.m. | 5 views

CVE-2021-2015

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Worklist. Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks...

CVSS 8.2 | AI score 6.5 | EPSS 0.01169
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 8:58 p.m. | 2 views

CVE-2021-20773

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege...

CVSS 4.3 | AI score 6.6 | EPSS 0.0078
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 8:6 p.m. | 10 views

CVE-2021-37549

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient...

CVSS 9.1 | AI score 6.9 | EPSS 0.01346
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 7:47 p.m. | 7 views

CVE-2021-33333

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs...

CVSS 6.5 | AI score 6.5 | EPSS 0.0087
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:49 p.m. | 6 views

CVE-2020-12283

Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring...

CVSS 6.1 | AI score 7.1 | EPSS 0.013
Exploits 1

RedhatCVE
added 2025/05/22 4:34 p.m. | 6 views

CVE-2020-26173

An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents PDF by providing a valid document ID and token. No further authentication is required...

CVSS 4.3 | AI score 7.1 | EPSS 0.00731
Exploits 1

RedhatCVE
added 2025/05/22 4:25 p.m. | 7 views

CVE-2020-15823

JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component...

CVSS 7.5 | AI score 6.8 | EPSS 0.0196
Exploits 0

RedhatCVE
added 2025/05/22 4:19 p.m. | 12 views

CVE-2020-26172

Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp...

CVSS 6.5 | AI score 6.8 | EPSS 0.00652
Exploits 1

RedhatCVE
added 2025/05/22 4:18 p.m. | 6 views

CVE-2020-26175

In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users...

CVSS 6.5 | AI score 6.6 | EPSS 0.00659
Exploits 1

RedhatCVE
added 2025/05/22 4:17 p.m. | 6 views

CVE-2020-1366

An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory, aka 'Windows Print Workflow Service Elevation of Privilege Vulnerability'...

CVSS 7.8 | AI score 7 | EPSS 0.00708
Exploits 0

RedhatCVE
added 2025/05/22 4:17 p.m. | 5 views

CVE-2020-25210

In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants...

CVSS 5.3 | AI score 7 | EPSS 0.0143
Exploits 0