4558 matches found

RedhatCVE
added 2025/03/17 5:11 p.m. | 9 views

CVE-2025-2323

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to...

CVSS 5.3 | AI score 6.6 | EPSS 0.00427
Exploits: 1 | References: 1

OSV
added 2025/03/15 5:15 p.m. | 3 views

CVE-2025-2323

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to...

CVSS 5.3 | AI score 4.8
Exploits: 0 | References: 4

Vulnrichment
added 2025/03/15 5:00 p.m. | 9 views

CVE-2025-2323 274056675 springboot-openai-chatgpt Number of Question questionCou updateQuestionCou behavioral workflow

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to...

CVSS 5.3 | AI score 4.6 | EPSS 0.00427
Exploits: 1 | References: 4

Cvelist
added 2025/03/15 5:00 p.m. | 14 views

CVE-2025-2323 274056675 springboot-openai-chatgpt Number of Question questionCou updateQuestionCou behavioral workflow

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to...

CVSS 5.3 | EPSS 0.00427
Exploits: 1 | References: 4

CVE
added 2025/03/15 5:00 p.m. | 93 views

CVE-2025-2323

CVE-2025-2323 concerns a vulnerability in the 274056675 springboot-openai-chatgpt project where the function updateQuestionCou in /api/mjkj-chat/chat/mng/update/questionCou of the Number of Question Handler can be manipulated to enforce a behavioral workflow. Exploitation is described as remote. ...

CVSS 5.3 | AI score 6.8 | EPSS 0.00427
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2025/03/15 12:00 a.m. | 2 views

springboot-openai-chatgpt security vulnerability

springboot-openai-chatgpt is a SpringCloud microservices based architecture by 274056675 individual developers. A security vulnerability exists in springboot-openai-chatgpt that stems from behavioral workflow coercion and could lead to remote attacks...

CVSS 5.3 | AI score 4.9 | EPSS 0.00427
Exploits: 1 | References: 6

Positive Technologies
added 2025/03/14 12:00 a.m. | 5 views

PT-2025-11328

Name of the Vulnerable Software and Affected Versions: tj-actions/changed-files versions 1 through 45.0.7. Description: The tj-actions/changed-files GitHub Action was compromised, allowing remote attackers to discover secrets by reading actions logs. The compromise occurred between March 14 and Marc...

CVSS 8.6 | AI score 7.7 | EPSS 0.41008
Exploits: 2 | References: 332

VulnCheck KEV
added 2025/03/14 12:00 a.m. | 2 views

VulnCheck KEV: CVE-2025-30066

tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading GitHub Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm...

CVSS 8.6 | AI score 5.9 | EPSS 0.41008
Exploits: 2 | References: 1

IBM Security Bulletins
added 2025/03/12 6:33 p.m. | 10 views

Security Bulletin: Multiple vulnerabilities in nodejs affect IBM Business Automation Workflow Configuration Editor (nodejs January security release)

Summary: IBM Business Automation Workflow Configuration Editor repackages a nodejs runtime and multiple application level models. Vulnerabilities have been reported for the runtime and some modules. Vulnerability Details: CVEID: CVE-2025-23083. DESCRIPTION: With the aid of the diagnostics_channel...

CVSS 8.7 | AI score 8.2 | EPSS 0.01404
Exploits: 1 | Affected Software: 2

Qualys Blog
added 2025/03/10 3:00 p.m. | 9 views

Qualys & ServiceNow: Automating Risk-Driven Remediation for Container Security

Introducing the Qualys & ServiceNow Integration: Qualys and ServiceNow are redefining container vulnerability management with an integrated approach that streamlines remediation for highly ephemeral containerized workloads. Organizations can now seamlessly detect, prioritize, and remediate...

AI score 7.6
Exploits: 0

Microsoft CVE
added 2025/03/08 8:00 a.m. | 4 views

media: imx-jpeg: Ensure power suppliers be suspended before detach them

...

CVSS 5.5 | AI score 7.4 | EPSS 0.00231
Exploits: 0

RedhatCVE
added 2025/03/07 10:39 p.m. | 5 views

CVE-2025-27508

Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases e.g., SHA-1, CRC32, and SSDEEP. These algorithms, while...

CVSS 7.5 | AI score 7 | EPSS 0.00194
Exploits: 0 | References: 1

NVD
added 2025/03/05 10:15 p.m. | 3 views

CVE-2025-27508

Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases e.g., SHA-1, CRC32, and SSDEEP. These algorithms, while...

CVSS 7.5 | EPSS 0.00194
Exploits: 0 | References: 2

CVE
added 2025/03/05 9:32 p.m. | 57 views

CVE-2025-27508

Emissary (CVE-2025-27508) uses a ChecksumCalculator that defaults to weak cryptographic algorithms (SHA-1, CRC32, SSDEEP). The issue may undermine cryptographic guarantees in contexts requiring strong integrity, with potential collision risks or tampering awareness. The problem is documented acro...

CVSS 7.5 | AI score 7 | EPSS 0.00194
Exploits: 0 | References: 2

OSV
added 2025/03/05 9:32 p.m. | 5 views

CVE-2025-27508 Emissary Use of a Broken or Risky Cryptographic Algorithm

Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases e.g., SHA-1, CRC32, and SSDEEP. These algorithms, while...

CVSS 7.5 | AI score 6.5 | EPSS 0.00194
Exploits: 0 | References: 4

RedhatCVE
added 2025/03/05 5:00 p.m. | 14 views

CVE-2024-54179

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the...

CVSS 5.4 | AI score 6.4 | EPSS 0.00259
Exploits: 0 | References: 1

CVE
added 2025/03/05 2:56 p.m. | 51 views

CVE-2025-1714

CVE-2025-1714 concerns Perforce Gliffy Online: lack of rate limiting in the sign-up workflow before version 4.14.0-7 enables an attacker to enumerate valid user emails and potentially trigger denial-of-service. The Red Hat and CVE feeds corroborate the same description. Impact is consistent with ...

CVSS 6.9 | AI score 7 | EPSS 0.00337
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/05 2:56 p.m. | 4 views

CVE-2025-1714 Username Enumeration in Gliffy

Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server...

CVSS 6.9 | AI score 7 | EPSS 0.00337
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/03/03 5:20 p.m. | 8 views

Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2024-7254

Summary: IBM Business Automation Workflow traditional includes optional components running on WebSphere Liberty: User Management Service and Process Federation Service. IBM Business Automation Workflow on Containers builds upon WebSphere Liberty, too. A security vulnerability has been reported for...

CVSS 8.7 | AI score 6.7 | EPSS 0.02772
Exploits: 0 | Affected Software: 2

NVD
added 2025/03/03 2:15 p.m. | 9 views

CVE-2024-54179

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the...

CVSS 5.4 | EPSS 0.00259
Exploits: 0 | References: 1