4560 matches found
CVE-2019-5503
OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2008-3685
Directory traversal vulnerability in awstmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to upload arbitrary files, and execute arbitrary code, via directory traversal sequences in requests to T...
Leveraging Large Language Models for Command Injection Vulnerability Analysis in Python: an Empirical Study on Popular Open-Source Projects
Command injection vulnerabilities are a significant security threat in dynamic languages like Python, particularly in widely used open-source projects where security issues can have extensive impact. With the proven effectiveness of Large Language Models (LLMs) in code-related tasks, such as testing...
From Nuclear Safety to LLM Security: Applying Non-Probabilistic Risk Management Strategies to Build Safe and Secure LLM-Powered Systems
Large language models (LLMs) offer unprecedented and growing capabilities, but also introduce complex safety and security challenges that resist conventional risk management. While conventional probabilistic risk analysis (PRA) requires exhaustive risk enumeration and quantification, the novelty and...
CVE-2025-47280
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...
Nextcloud Workflows Remote Code Execution
This Metasploit module adds workflows as an authenticated user which can only be created by administrators by design. If the app "Nextcloud Workflow Script" is installed it is possible to generate a workflow that executes commands. This module requires Metasploit: https://metasploit.com/download...
GHSA-2QRJ-G9HQ-CHPH Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Impact: The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address potentially bypassing spam and email client security systems...
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Impact: The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address potentially bypassing spam and email client security systems...
CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...
CVE-2025-47280
Umbraco Forms HTML injection: The Send email workflow in Umbraco Forms (versions 7.x through just before 13.4.2 and 15.1.2) does not HTML-encode user-provided field values, allowing potential email spoofing or bypass of security checks. Affected forms can patch by updating to 13.4.2 or 15.1.2, or...
Umbraco Forms security vulnerability
Umbraco Forms is a form builder from Umbraco. A security vulnerability exists in Umbraco Forms versions 7.x through 13.4.2 and prior to 15.1.2, which stems from a Send Mail workflow that does not HTML-encode user-supplied field values, which could lead to a bypass of spam and email client securit...
PT-2025-21011 · Umbraco · Umbraco Forms
Name of the Vulnerable Software and Affected Versions: Umbraco Forms versions 7.x through 13.4.1; Umbraco Forms versions 15.1.1 and earlier. Description: The issue affects Umbraco Forms, a form builder that integrates with the Umbraco content management system. It is related to the 'Send email'...
Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2022-42920
Summary: IBM Business Automation Workflow packages a vulnerable copy of Apache BCEL in an OSGi bundle. Vulnerability Details: CVEID: CVE-2022-42920. DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds write flaw in the APIs. By...
The vulnerability of the IBM Business Automation Workflow software and the IBM Business Automation Workflow Enterprise Service Bus software platform lies in the lack of security measures for website structures. This allows attackers to execute cross-site scripting attacks.
The vulnerability of the IBM Business Automation Workflow software and the IBM Business Automation Workflow Enterprise Service Bus software platform relates to the lack of security measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to...
CVE-2025-46820
phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...
Security Bulletin: A denial of service vulnerabilities has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow
Summary: WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...
CVE-2025-46820 phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact
phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...