4558 matches found
CVE-2025-2323
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to...
CVE-2025-2323
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to...
CVE-2025-2323 274056675 springboot-openai-chatgpt Number of Question questionCou updateQuestionCou behavioral workflow
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to...
CVE-2025-2323 274056675 springboot-openai-chatgpt Number of Question questionCou updateQuestionCou behavioral workflow
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to...
CVE-2025-2323
CVE-2025-2323 concerns a vulnerability in the 274056675 springboot-openai-chatgpt project where the function updateQuestionCou in /api/mjkj-chat/chat/mng/update/questionCou of the Number of Question Handler can be manipulated to enforce a behavioral workflow. Exploitation is described as remote. ...
springboot-openai-chatgpt 安全漏洞
springboot-openai-chatgpt is a SpringCloud microservices based architecture by 274056675 individual developers. A security vulnerability exists in springboot-openai-chatgpt that stems from behavioral workflow coercion and could lead to remote attacks...
PT-2025-11328
Name of the Vulnerable Software and Affected Versions tj-actions/changed-files versions 1 through 45.0.7 Description The tj-actions/changed-files GitHub Action was compromised, allowing remote attackers to discover secrets by reading actions logs. The compromise occurred between March 14 and Marc...
VulnCheck KEV: CVE-2025-30066
tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens PATs, npm...
Security Bulletin: Multiple vulnerabilities in nodejs affect IBM Business Automation Workflow Configuration Editor (nodejs January security release)
Summary IBM Business Automation Workflow Configuration Editor repackages a nodejs runtime and multiple application level models. Vulnerabilities have been reported for the runtime and some modules.. Vulnerability Details CVEID:CVE-2025-23083 DESCRIPTION: With the aid of the diagnosticschannel...
Qualys & ServiceNow: Automating Risk-Driven Remediation for Container Security
Introducing the Qualys & ServiceNow Integration Qualys and ServiceNow are redefining container vulnerability management with an integrated approach that streamlines remediation for highly ephemeral containerized workloads. Organizations can now seamlessly detect, prioritize, and remediate...
media: imx-jpeg: Ensure power suppliers be suspended before detach them
...
CVE-2025-27508
Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases e.g., SHA-1, CRC32, and SSDEEP. These algorithms, while...
CVE-2025-27508
Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases e.g., SHA-1, CRC32, and SSDEEP. These algorithms, while...
CVE-2025-27508
Emissary (CVE-2025-27508) uses a ChecksumCalculator that defaults to weak cryptographic algorithms (SHA-1, CRC32, SSDEEP). The issue may undermine cryptographic guarantees in contexts requiring strong integrity, with potential collision risks or tampering awareness. The problem is documented acro...
CVE-2025-27508 Emissary Use of a Broken or Risky Cryptographic Algorithm
Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases e.g., SHA-1, CRC32, and SSDEEP. These algorithms, while...
CVE-2024-54179
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the...
CVE-2025-1714
CVE-2025-1714 concerns Perforce Gliffy Online: lack of rate limiting in the sign-up workflow before version 4.14.0-7 enables an attacker to enumerate valid user emails and potentially trigger denial-of-service. The Red Hat and CVE feeds corroborate the same description. Impact is consistent with ...
CVE-2025-1714 Username Enumeration in Gliffy
Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server...
Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2024-7254
Summary IBM Business Automation Workflow traditional includes optional components running on WebSphere Liberty: User Management Service and Process Federation Service. IBM Business Automation Workflow on Containers builds upon WebSphere Liberty, too. A security vulnerability has been reported for...
CVE-2024-54179
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the...