Lucene search

4560 matches found

RedhatCVE
added 2025/05/22 5:19 a.m. · 6 views

CVE-2019-5503

OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

5.3 CVSS · 6.4 AI score · 0.00694 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/21 7:55 p.m. · 6 views

CVE-2008-3685

Directory traversal vulnerability in awstmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to upload arbitrary files, and execute arbitrary code, via directory traversal sequences in requests to T...

10 CVSS · 7.8 AI score · 0.12871 EPSS
Exploits 1 · References 1

Packet Storm News
added 2025/05/21 12:0 a.m. · 4 views

Leveraging Large Language Models for Command Injection Vulnerability Analysis in Python: an Empirical Study on Popular Open-Source Projects

Command injection vulnerabilities are a significant security threat in dynamic languages like Python, particularly in widely used open-source projects where security issues can have extensive impact. With the proven effectiveness of Large Language Models (LLMs) in code-related tasks, such as testing...

7.9 AI score
Exploits 0

Packet Storm News
added 2025/05/20 12:0 a.m. · 4 views

From Nuclear Safety to LLM Security: Applying Non-Probabilistic Risk Management Strategies to Build Safe and Secure LLM-Powered Systems

Large language models (LLMs) offer unprecedented and growing capabilities, but also introduce complex safety and security challenges that resist conventional risk management. While conventional probabilistic risk analysis (PRA) requires exhaustive risk enumeration and quantification, the novelty and...

7.1 AI score
Exploits 0

RedhatCVE
added 2025/05/15 5:14 p.m. · 10 views

CVE-2025-47280

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...

6.3 CVSS · 6.7 AI score · 0.00239 EPSS
Exploits 1 · References 1

Packet Storm
added 2025/05/15 12:0 a.m. · 116 views

Nextcloud Workflows Remote Code Execution

This Metasploit module adds workflows as an authenticated user which can only be created by administrators by design. If the app "Nextcloud Workflow Script" is installed it is possible to generate a workflow that executes commands. This module requires Metasploit: https://metasploit.com/download...

9 CVSS · 8.9 AI score · 0.04176 EPSS
Exploits 2

OSV
added 2025/05/13 8:17 p.m. · 7 views

GHSA-2QRJ-G9HQ-CHPH Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Impact: The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address potentially bypassing spam and email client security systems...

6.3 CVSS · 6.6 AI score · 0.00239 EPSS
Exploits 1 · References 3

Github Security Blog
added 2025/05/13 8:17 p.m. · 16 views

Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Impact: The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address potentially bypassing spam and email client security systems...

6.3 CVSS · 6.7 AI score · 0.00239 EPSS
Exploits 1 · References 3 · Affected Software 2

Cvelist
added 2025/05/13 5:6 p.m. · 16 views

CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...

6.3 CVSS · 0.00239 EPSS
Exploits 1 · References 1

OSV
added 2025/05/13 5:6 p.m. · 5 views

CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...

6.3 CVSS · 6.4 AI score · 0.00239 EPSS
Exploits 1 · References 3

CVE
added 2025/05/13 5:6 p.m. · 46 views

CVE-2025-47280

Umbraco Forms HTML injection: The Send email workflow in Umbraco Forms (versions 7.x through just before 13.4.2 and 15.1.2) does not HTML-encode user-provided field values, allowing potential email spoofing or bypass of security checks. Affected forms can patch by updating to 13.4.2 or 15.1.2, or...

6.3 CVSS · 7 AI score · 0.00239 EPSS
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2025/05/13 5:6 p.m. · 8 views

CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...

6.3 CVSS · 6.7 AI score · 0.00239 EPSS
Exploits 1 · References 1

CNNVD
added 2025/05/13 12:0 a.m. · 4 views

Umbraco Forms Security Vulnerability

Umbraco Forms is a form builder from Umbraco. A security vulnerability exists in Umbraco Forms versions 7.x through 13.4.2 and prior to 15.1.2, which stems from a Send Mail workflow that does not HTML-encode user-supplied field values, which could lead to a bypass of spam and email client securit...

6.3 CVSS · 6.3 AI score · 0.00239 EPSS
Exploits 1 · References 2

Positive Technologies
added 2025/05/13 12:0 a.m. · 7 views

PT-2025-21011 · Umbraco · Umbraco Forms

Name of the Vulnerable Software and Affected Versions: Umbraco Forms versions 7.x through 13.4.1; Umbraco Forms versions 15.1.1 and earlier. Description: The issue affects Umbraco Forms, a form builder that integrates with the Umbraco content management system. It is related to the 'Send email'...

6.3 CVSS · 6.2 AI score · 0.00239 EPSS
Exploits 1 · References 6

IBM Security Bulletins
added 2025/05/12 1:28 p.m. · 15 views

Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2022-42920

Summary IBM Business Automation Workflow packages a vulnerable copy of Apache BCEL in an OSGi bundle. Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds write flaw in the APIs. By...

9.8 CVSS · 7.1 AI score · 0.02836 EPSS
Exploits 0 · Affected Software 2

BDU FSTEC
added 2025/05/09 12:0 a.m. · 6 views

The vulnerability of the IBM Business Automation Workflow software and the IBM Business Automation Workflow Enterprise Service Bus software platform lies in the lack of security measures for website structures. This allows attackers to execute cross-site scripting attacks.

The vulnerability of the IBM Business Automation Workflow software and the IBM Business Automation Workflow Enterprise Service Bus software platform relates to the lack of security measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to...

5.5 CVSS · 5.3 AI score · 0.00259 EPSS
Exploits 0 · References 2 · Affected Software 2

RedhatCVE
added 2025/05/08 7:13 p.m. · 12 views

CVE-2025-46820

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...

7.1 CVSS · 7.3 AI score · 0.00163 EPSS
Exploits 0 · References 1

IBM Security Bulletins
added 2025/05/08 6:23 a.m. · 4 views

Security Bulletin: A denial of service vulnerabilities has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow

Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...

5.5 CVSS · 5.8 AI score · 0.00408 EPSS
Exploits 1 · Affected Software 2

Vulnrichment
added 2025/05/06 6:48 p.m. · 18 views

CVE-2025-46820 phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...

7.1 CVSS · 7 AI score · 0.00163 EPSS
Exploits 0 · References 2

Cvelist
added 2025/05/06 6:48 p.m. · 20 views

CVE-2025-46820 phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...

7.1 CVSS · 0.00163 EPSS
Exploits 0 · References 2