4560 matches found
CVE-2025-46820 phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact
phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...
PT-2025-19986 · Phpgt/Dom · Phpgt/Dom
Name of the Vulnerable Software and Affected Versions: phpgt/Dom versions prior to 4.1.8 Description: The issue exposes the GITHUB_TOKEN in the Dom workflow run artifact. This occurs because the ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact, which is a zip of t...
DOM Security Vulnerability
DOM is a DOM interface open-sourced by PHP.GT. A security vulnerability exists in DOM versions prior to 4.1.8, which stems from the exposure of GITHUB_TOKEN in the Dom workflow runtime product...
CVE-2025-1495
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...
CVE-2025-1495 IBM Business Automation Workflow missing authentication
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...
CVE-2025-1495
CVE-2025-1495 affects IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center, where information can be leaked due to missing authorization validation. Root cause: missing authentication for a critical function. Impact: potential disclosure of sensitive information. Remedia...
Security Bulletin: XML External Entity (XXE) injection vulnerability affects IBM Business Automation Workflow - CVE-2023-4218
Summary IBM Business Automation Workflow containers package a vulnerable copy of eclipse jars. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE)...
Security Bulletin: A remote code execution vulnerability affect IBM Business Automation Workflow - CVE-2025-27363
Summary IBM Business Automation Workflow containers package a vulnerable version of freetype. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font...
Security Bulletin: Information leakage vulnerability affect IBM Business Automation Workflow - CVE-2025-1495
Summary IBM Business Automation Workflow is vulnerable to an information leakage attack. Vulnerability Details CVEID:CVE-2025-1495 DESCRIPTION: IBM Business Automation Workflow Center may leak sensitive information due to missing authorization validation. CWE:CWE-306: Missing Authentication for...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2025-1838
Summary IBM Business Automation Workflow Center is vulnerable to a denial of service attack. Vulnerability Details CVEID:CVE-2025-1838 DESCRIPTION: IBM Business Automation Workflow Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which...
Security Bulletin: Security vulnerability in Apache Kafka clients affects IBM Business Automation Workflow Case Event Emitters - CVE-2024-31141
Summary IBM Business Automation Workflow Case Event Emitters package a vulnerable version of Apache Kafka clients. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apac...
Security Bulletin: Vulnerability in eclipse affects IBM Business Automation Workflow - CVE-2023-4218
Summary IBM Business Automation Workflow packages a vulnerable version of eclipse jar files. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE)...
Security Bulletin: Multiple vulnerabilities affect IBM Business Automation Workflow - CVE-2025-27789, CVE-2024-57965, CVE-2025-27152, CVE-2024-55565
Summary Some IBM Business Automation Workflow user interfaces may be affected by vulnerabilities in JavaScript libraries. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and...
IBM Business Automation Workflow Access Control Error Vulnerability
IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines (IBM). The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. An access control error vulnerability exists in IB...
PT-2025-18949 · Ibm · Ibm Business Automation Workflow
Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 24.0.0 through 24.0.1 IF001 Description: The issue is related to missing authorization validation, which may cause the software to leak sensitive information. Recommendations: For IBM Business...
How to Automate CVE and Vulnerability Advisory Response with Tines
Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that automates...
Security Bulletin: Multiple vulnerabilities in Java affect IBM Business Automation Workflow - October 2024 CPU
Summary IBM Business Automation Workflow traditional includes IBM Java 8. Information about security vulnerabilities in these Java runtimes have been published. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability...
Poster: Machine Learning for Vulnerability Detection As Target Oracle in Automated Fuzz Driver Generation
In vulnerability detection, machine learning has been used as an effective static analysis technique, although it suffers from a significant rate of false positives. Contextually, in vulnerability discovery, fuzzing has been used as an effective dynamic analysis technique, although it requires...