
4558 matches found

OSV
added 2025/03/03 2:15 p.m., 7 views

CVE-2024-54179

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the...

CVSS 5.4, AI score 5.4, EPSS 0.00259
Exploits: 0, References: 1

Vulnrichment
added 2025/03/03 1:56 p.m., 8 views

CVE-2024-54179 IBM Business Automation Workflow cross-site scripting

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the...

CVSS 5.4, AI score 5.5, EPSS 0.00259
Exploits: 0, References: 1

CVE
added 2025/03/03 1:56 p.m., 55 views

CVE-2024-54179

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus versions 24.0.0 and 24.0.1 (and earlier unsupported) are vulnerable to cross-site scripting (CWE-79). An authenticated user can embed arbitrary JavaScript in the Web UI, potentially exposing credentials w...

CVSS 5.4, AI score 5.3, EPSS 0.00259
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/03/03 1:56 p.m., 12 views

CVE-2024-54179 IBM Business Automation Workflow cross-site scripting

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the...

CVSS 5.4, EPSS 0.00259
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/03/03 10:4 a.m., 17 views

Security Bulletin: Cross-Site scripting vulnerability affect IBM Business Automation Workflow Advanced - CVE-2024-54179

Summary IBM Business Automation Workflow is vulnerable to a Cross Site Scripting attack. Vulnerability Details CVEID:CVE-2024-54179 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript co...

CVSS 5.4, AI score 6.2, EPSS 0.00259
Exploits: 0, Affected Software: 2

CNNVD
added 2025/03/03 12:0 a.m., 3 views

IBM Business Automation Workflow cross-site scripting vulnerability

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines (IBM). The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. A cross-site scripting vulnerability exists in IBM...

CVSS 5.4, AI score 6, EPSS 0.00259
Exploits: 0, References: 3

Snyk
added 2025/03/01 6:33 a.m., 4 views

Insertion of Sensitive Information into Log File

Overview: kuzu is an in-process property graph database management system built for query speed and scalability. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in cli workflow. Confidential information such as s3secretaccesskey is cached in...

CVSS 5.1, AI score 6.7
Exploits: 0, References: 3

Snyk
added 2025/03/01 6:33 a.m., 3 views

Insertion of Sensitive Information into Log File

Overview: kuzu is an in-process property graph database management system built for query speed and scalability. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in cli workflow. Confidential information such as s3secretaccesskey is cached in...

CVSS 5.1, AI score 6.7
Exploits: 0, References: 3

OSV
added 2025/02/20 12:15 p.m., 1 view

CVE-2024-49337

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 1

NVD
added 2025/02/20 12:15 p.m., 14 views

CVE-2024-49337

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field...

CVSS 5.4, EPSS 0.00245
Exploits: 0, References: 1

RedhatCVE
added 2025/02/14 12:40 p.m., 18 views

CVE-2023-50380

XML External Entity injection in apache ambari versions = 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...

CVSS 6.5, AI score 7.5, EPSS 0.00865
Exploits: 0, References: 4

IBM Security Bulletins
added 2025/02/13 7:14 a.m., 6 views

Security Bulletin: Denial of Service vulnerability in jackson-core may affect IBM Business Automation Workflow - IBM X-Force ID: 220938

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details IBM X-Force ID: 220938 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by an out of memory error when writing big decimal when the WRITEBIGDECIMALASPLAIN...

AI score 7
Exploits: 0, Affected Software: 2

IBM Security Bulletins
added 2025/02/12 12:29 p.m., 14 views

Security Bulletin: Cross-Site scripting vulnerability affect IBM Business Automation Workflow - CVE-2024-52365

Summary IBM Business Automation Workflow is vulnerable to a Cross Site Scripting attack. Vulnerability Details CVEID:CVE-2024-52365 DESCRIPTION: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2...

CVSS 6.4, AI score 6, EPSS 0.00206
Exploits: 0, Affected Software: 2

GitHub Security Blog
added 2025/02/12 3:31 a.m., 14 views

Unencrypted transmission in Temporal api-go library

The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...

CVSS 2, AI score 6.5, EPSS 0.0009
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/02/11 11:15 a.m., 3 views

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CVSS 5.4, AI score 5.8, EPSS 0.00323
Exploits: 0, References: 2

OSV
added 2025/02/10 7:15 p.m., 4 views

CVE-2024-8550

A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...

CVSS 7.5, AI score 7.2, EPSS 0.0048
Exploits: 1, References: 1

PyPA
added 2025/02/10 7:15 p.m., 12 views

PYSEC-2025-84

A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...

CVSS 7.5, AI score 7.2, EPSS 0.0048
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2025/02/10 7:15 p.m., 5 views

PYSEC-2025-84

A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...

CVSS 7.5, AI score 7.2, EPSS 0.0048
Exploits: 1, References: 1

CNNVD
added 2025/02/10 12:0 a.m., 5 views

AgentScope security vulnerability

AgentScope is a ModelScope open source application. Build LLM-based multi-intelligence applications more simply. A security vulnerability exists in AgentScope version 0.0.4, which stems from a local file inclusion vulnerability in the /load-workflow endpoint that allows an attacker to read...

CVSS 7.5, AI score 7.3, EPSS 0.0048
Exploits: 1, References: 2

Tenable Nessus
added 2025/02/10 12:0 a.m., 12 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-49958)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49958 advisory. - In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr...

CVSS 5.5, AI score 5.9, EPSS 0.00257
Exploits: 0, References: 2