4560 matches found

OSV
added 2025/05/06 6:48 p.m. · 5 views

CVE-2025-46820 phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...

CVSS 7.1 · AI score 7 · EPSS 0.00163
Exploits: 0 · References: 4
Positive Technologies
added 2025/05/06 12:00 a.m. · 5 views

PT-2025-19986 · Phpgt/Dom · Phpgt/Dom

Name of the Vulnerable Software and Affected Versions: phpgt/Dom versions prior to 4.1.8 Description: The issue exposes the GITHUB_TOKEN in the Dom workflow run artifact. This occurs because the ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact, which is a zip of t...

CVSS 7.1 · AI score 6.4 · EPSS 0.00163
Exploits: 0 · References: 9
CNNVD
added 2025/05/06 12:00 a.m. · 3 views

DOM security vulnerability

DOM is a DOM interface open-sourced by PHP.GT. A security vulnerability exists in DOM versions prior to 4.1.8, which stems from the exposure of GITHUB_TOKEN in the Dom workflow run artifact...

CVSS 7.1 · AI score 6.5 · EPSS 0.00163
Exploits: 0 · References: 3
NVD
added 2025/05/03 5:15 p.m. · 16 views

CVE-2025-1495

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...

CVSS 4.3 · EPSS 0.00211
Exploits: 0 · References: 1
OSV
added 2025/05/03 5:15 p.m. · 3 views

CVE-2025-1495

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...

CVSS 4.3 · AI score 5.8 · EPSS 0.00211
Exploits: 0 · References: 1
Vulnrichment
added 2025/05/03 4:53 p.m. · 7 views

CVE-2025-1495 IBM Business Automation Workflow missing authentication

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...

CVSS 4.3 · AI score 6.3 · EPSS 0.00211
Exploits: 0 · References: 1
Cvelist
added 2025/05/03 4:53 p.m. · 17 views

CVE-2025-1495 IBM Business Automation Workflow missing authentication

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...

CVSS 4.3 · EPSS 0.00211
Exploits: 0 · References: 1
CVE
added 2025/05/03 4:53 p.m. · 57 views

CVE-2025-1495

CVE-2025-1495 affects IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center, where information can be leaked due to missing authorization validation. Root cause: missing authentication for a critical function. Impact: potential disclosure of sensitive information. Remedia...

CVSS 4.3 · AI score 4.4 · EPSS 0.00211
Exploits: 0 · References: 1 · Affected Software: 1
IBM Security Bulletins
added 2025/05/03 6:16 a.m. · 18 views

Security Bulletin: XML External Entity (XXE) injection vulnerability affects IBM Business Automation Workflow - CVE-2023-4218

Summary IBM Business Automation Workflow containers package a vulnerable copy of eclipse jars. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE)...

CVSS 5 · AI score 5.9 · EPSS 0.00386
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2025/05/03 6:08 a.m. · 19 views

Security Bulletin: A remote code execution vulnerability affect IBM Business Automation Workflow - CVE-2025-27363

Summary IBM Business Automation Workflow containers package a vulnerable version of freetype. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font...

CVSS 8.1 · AI score 7.4 · EPSS 0.23357
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2025/05/03 6:05 a.m. · 11 views

Security Bulletin: Information leakage vulnerability affect IBM Business Automation Workflow - CVE-2025-1495

Summary IBM Business Automation Workflow is vulnerable to an information leakage attack. Vulnerability Details CVEID:CVE-2025-1495 DESCRIPTION: IBM Business Automation Workflow Center may leak sensitive information due to missing authorization validation. CWE:CWE-306: Missing Authentication for...

CVSS 4.3 · AI score 6.1 · EPSS 0.00211
Exploits: 0 · Affected Software: 2
IBM Security Bulletins
added 2025/05/03 6:02 a.m. · 11 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2025-1838

Summary IBM Business Automation Workflow Center is vulnerable to a denial of service attack. Vulnerability Details CVEID:CVE-2025-1838 DESCRIPTION: IBM Business Automation Workflow Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which...

CVSS 6.5 · AI score 9.2 · EPSS 0.00321
Exploits: 0 · Affected Software: 2
IBM Security Bulletins
added 2025/05/03 5:59 a.m. · 24 views

Security Bulletin: Security vulnerability in Apache Kafka clients affects IBM Business Automation Workflow Case Event Emitters - CVE-2024-31141

Summary IBM Business Automation Workflow Case Event Emitters package a vulnerable version of Apache Kafka clients. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apac...

CVSS 6.5 · AI score 9.2 · EPSS 0.01129
Exploits: 0 · Affected Software: 2
IBM Security Bulletins
added 2025/05/03 5:55 a.m. · 17 views

Security Bulletin: Vulnerability in eclipse affects IBM Business Automation Workflow - CVE-2023-4218

Summary IBM Business Automation Workflow packages a vulnerable version of eclipse jar files. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE)...

CVSS 5 · AI score 5.9 · EPSS 0.00386
Exploits: 1 · Affected Software: 2
IBM Security Bulletins
added 2025/05/03 5:52 a.m. · 20 views

Security Bulletin: Multiple vulnerabilities affect IBM Business Automation Workflow - CVE-2025-27789, CVE-2024-57965, CVE-2025-27152, CVE-2024-55565

Summary Some IBM Business Automation Workflow user interfaces may be affected by vulnerabilities in JavaScript libraries. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and...

CVSS 9.8 · AI score 9.4 · EPSS 0.00759
Exploits: 1 · Affected Software: 2
CNNVD
added 2025/05/03 12:00 a.m. · 3 views

IBM Business Automation Workflow access control error vulnerability

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines (IBM). The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. An access control error vulnerability exists in IB...

CVSS 4.3 · AI score 6.1 · EPSS 0.00211
Exploits: 0 · References: 2
Positive Technologies
added 2025/05/03 12:00 a.m. · 6 views

PT-2025-18949 · Ibm · Ibm Business Automation Workflow

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 24.0.0 through 24.0.1 IF001 Description: The issue is related to missing authorization validation, which may cause the software to leak sensitive information. Recommendations: For IBM Business...

CVSS 4.3 · AI score 5.7 · EPSS 0.00211
Exploits: 0 · References: 7
The Hacker News
added 2025/05/02 10:30 a.m. · 16 views

How to Automate CVE and Vulnerability Advisory Response with Tines

Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that automates...

AI score 7.5
Exploits: 0
IBM Security Bulletins
added 2025/05/02 8:09 a.m. · 34 views

Security Bulletin: Multiple vulnerabilities in Java affect IBM Business Automation Workflow - October 2024 CPU

Summary IBM Business Automation Workflow traditional includes IBM Java 8. Information about security vulnerabilities in these Java runtimes has been published. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability...

CVSS 5.3 · AI score 7.8 · EPSS 0.01157
Exploits: 0 · Affected Software: 2
Packet Storm News
added 2025/05/02 12:00 a.m. · 3 views

Poster: Machine Learning for Vulnerability Detection As Target Oracle in Automated Fuzz Driver Generation

In vulnerability detection, machine learning has been used as an effective static analysis technique, although it suffers from a significant rate of false positives. Contextually, in vulnerability discovery, fuzzing has been used as an effective dynamic analysis technique, although it requires...

AI score 7
Exploits: 0