4559 matches found
CVE-2024-6632
A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...
CVE-2024-6633
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...
CVE-2024-37999
A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges...
CVE-2024-4254
The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it...
CVE-2024-4253
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...
Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow - CVE-2024-38321
Summary: IBM Business Automation Workflow is vulnerable to an information disclosure attack. Vulnerability Details: CVEID: CVE-2024-38321. DESCRIPTION: IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations th...
PT-2025-5667 · Git +1 · Ndpi
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash, specifically a Segv on an unknown address. The crash involves the ndpi snprintf function, process ndpi collected info, a...
Security Bulletin: Vulnerable version of path-regexp shipped with IBM Business Automation Workflow - CVE-2024-45296
Summary: IBM Business Automation Workflow packages a vulnerable version of path-to-regex in IBM Business Automation Workflow Configuration Editor and the most recent version of Process Admin Console. Vulnerability Details: CVEID: CVE-2024-45296. DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a...
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-45086, CVE-2024-45087)
Summary: WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-45073)
Summary: WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-45085, CVE-2024-45071, CVE-2024-45072)
Summary: WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in Oracle E-Business Suite, specifically in the Advanced Outbound Telephony, Project Foundation, Customer Care and Workflow components. The Advanced Outbound Telephony component contains...
GitHub Workflow Detected
GitHub Actions is a feature of the popular GitHub platform for automating software development workflows directly within a GitHub source code repository. By defining one or more workflow files in the /.github/ directory of their repositories, developers can customize their applications build...
GitHub PAT written to debug artifacts
Impact summary In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to th...
CVE-2025-24362
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...
CVE-2025-24362 CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...
CodeQL Action Log Information Disclosure Vulnerability
CodeQL Action is a GitHub open source application. It is used to run CodeQL, GitHub's industry-leading static analysis engine, on repository source code to find security vulnerabilities. A log message disclosure vulnerability exists in CodeQL Action versions prior to 3.28.3, which stems from...
Vulnerability of automation tools for business processes in SAP Business Workflow and SAP Flexible Workflow systems: The ability to bypass authentication by using a user-controlled key allows unauthorized users to gain unauthorized access to protected information.
A vulnerability in SAP's business process automation tools, SAP Business Workflow and SAP Flexible Workflow, allows authentication to be bypassed by using a user-controlled key. Exploiting this vulnerability can allow an intruder operating remotely to gain unauthorized access to protected...
CVE-2025-21541
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Admin Screens and Grants UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow...