4558 matches found
CVE-2024-54179
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the...
CVE-2024-54179 IBM Business Automation Workflow cross-site scripting
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the...
CVE-2024-54179
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus versions 24.0.0 and 24.0.1 (and earlier unsupported) are vulnerable to cross-site scripting (CWE-79). An authenticated user can embed arbitrary JavaScript in the Web UI, potentially exposing credentials w...
Security Bulletin: Cross-Site scripting vulnerability affect IBM Business Automation Workflow Advanced - CVE-2024-54179
Summary IBM Business Automation Workflow is vulnerable to a Cross Site Scripting attack. Vulnerability Details CVEID:CVE-2024-54179 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript co...
IBM Business Automation Workflow cross-site scripting vulnerability
IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines (IBM). The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. A cross-site scripting vulnerability exists in IBM...
Insertion of Sensitive Information into Log File
Overview kuzu is an in-process property graph database management system built for query speed and scalability. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in cli workflow. Confidential information such as s3secretaccesskey is cached in...
CVE-2024-49337
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field...
CVE-2023-50380
XML External Entity injection in apache ambari versions <= 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...
Security Bulletin: Denial of Service vulnerability in jackson-core may affect IBM Business Automation Workflow - IBM X-Force ID: 220938
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details IBM X-Force ID: 220938 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by an out of memory error when writing big decimal when the WRITE_BIGDECIMAL_AS_PLAIN...
Security Bulletin: Cross-Site scripting vulnerability affect IBM Business Automation Workflow - CVE-2024-52365
Summary IBM Business Automation Workflow is vulnerable to a Cross Site Scripting attack. Vulnerability Details CVEID:CVE-2024-52365 DESCRIPTION: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2...
Unencrypted transmission in Temporal api-go library
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
CVE-2025-0526
In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
CVE-2024-8550
A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...
PYSEC-2025-84
A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...
AgentScope security vulnerability
AgentScope is an open source application from ModelScope for building LLM-based multi-agent applications more simply. A security vulnerability exists in AgentScope version 0.0.4, which stems from a local file inclusion vulnerability in the /load-workflow endpoint that allows an attacker to read...
Azure Linux 3.0 Security Update: kernel (CVE-2024-49958)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49958 advisory. - In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr...