4559 matches found

RedhatCVE
added 2025/02/05 3:4 a.m. · 8 views

CVE-2024-6632

A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...

7.2 CVSS · 7.9 AI score · 0.00606 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 2:56 a.m. · 8 views

CVE-2024-6633

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...

9.8 CVSS · 6.9 AI score · 0.01167 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 12:48 a.m. · 9 views

CVE-2024-37999

A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges...

8.5 CVSS · 6.8 AI score · 0.00138 EPSS
Exploits 0
RedhatCVE
added 2025/02/05 12:19 a.m. · 8 views

CVE-2024-4254

The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it...

7.1 CVSS · 6.9 AI score · 0.0047 EPSS
Exploits 1
RedhatCVE
added 2025/02/05 12:7 a.m. · 7 views

CVE-2024-4253

A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...

7.5 CVSS · 7.7 AI score · 0.0169 EPSS
Exploits 1
IBM Security Bulletins
added 2025/02/03 10:45 p.m. · 25 views

Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow - CVE-2024-38321

Summary: IBM Business Automation Workflow is vulnerable to an information disclosure attack. Vulnerability Details: CVEID: CVE-2024-38321 DESCRIPTION: IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations th...

6.5 CVSS · 5.7 AI score · 0.00417 EPSS
Exploits 0 · Affected Software 2
Positive Technologies
added 2025/02/02 12:0 a.m. · 6 views

PT-2025-5667 · Git +1 · Ndpi

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash, specifically a Segv on an unknown address. The crash involves the ndpi snprintf function, process ndpi collected info, a...

6.9AI score
Exploits 0 · References 2
IBM Security Bulletins
added 2025/01/28 10:8 p.m. · 15 views

Security Bulletin: Vulnerable version of path-regexp shipped with IBM Business Automation Workflow - CVE-2024-45296

Summary: IBM Business Automation Workflow packages a vulnerable version of path-to-regex in IBM Business Automation Workflow Configuration Editor and the most recent version of Process Admin Console. Vulnerability Details: CVEID: CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a...

7.5 CVSS · 7.1 AI score · 0.00932 EPSS
Exploits 0 · Affected Software 2
IBM Security Bulletins
added 2025/01/28 10:8 p.m. · 7 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-45086, CVE-2024-45087)

Summary: WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...

5.5 CVSS · 6.5 AI score · 0.0044 EPSS
Exploits 0 · Affected Software 2
IBM Security Bulletins
added 2025/01/28 10:8 p.m. · 16 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-45073)

Summary: WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...

4.8 CVSS · 5.9 AI score · 0.00238 EPSS
Exploits 0 · Affected Software 2
IBM Security Bulletins
added 2025/01/28 10:8 p.m. · 12 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-45085, CVE-2024-45071, CVE-2024-45072)

Summary: WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...

7.5 CVSS · 6.2 AI score · 0.00568 EPSS
Exploits 0 · Affected Software 2
NCSC
added 2025/01/28 10:43 a.m. · 6 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in Oracle E-Business Suite, specifically for the Advanced Outbound Telephony, Project Foundation, Customer Care and Workflow components. The vulnerabilities are in several components of the Oracle E-Business Suite. The Advanced Outbound Telephony component contains...

8.1 CVSS · 9.1 AI score · 0.00539 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2025/01/28 12:0 a.m. · 5 views

GitHub Workflow Detected

GitHub Actions are a feature from the popular GitHub platform for automating software development workflows directly within a GitHub source code repository. By defining one or more workflow files in the /.github/ directory of their repositories, developers can customize their applications build...

7.6AI score
Exploits 0 · References 2
Github Security Blog
added 2025/01/24 6:44 p.m. · 16 views

GitHub PAT written to debug artifacts

Impact summary: In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to th...

7.1 CVSS · 7.2 AI score · 0.00892 EPSS
Exploits 0 · References 10 · Affected Software 1
NVD
added 2025/01/24 6:15 p.m. · 15 views

CVE-2025-24362

In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...

7.1 CVSS · 0.00892 EPSS
Exploits 0 · References 8
Vulnrichment
added 2025/01/24 6:4 p.m. · 12 views

CVE-2025-24362 CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts

In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...

7.1 CVSS · 7.1 AI score · 0.00892 EPSS
Exploits 0 · References 6
OSV
added 2025/01/24 6:4 p.m. · 12 views

CVE-2025-24362 CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts

In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...

7.1 CVSS · 9.2 AI score · 0.00892 EPSS
Exploits 0 · References 10
CNNVD
added 2025/01/24 12:0 a.m. · 3 views

CodeQL Action Log Information Disclosure Vulnerability

CodeQL Action is a GitHub open source application. It is used to run CodeQL, GitHub's industry-leading static analysis engine, on repository source code to find security vulnerabilities. A log message disclosure vulnerability exists in CodeQL Action versions prior to 3.28.3, which stems from...

7.1 CVSS · 9.1 AI score · 0.00892 EPSS
Exploits 0 · References 9
BDU FSTEC
added 2025/01/22 12:0 a.m. · 5 views

Vulnerability of automation tools for business processes in SAP Business Workflow and SAP Flexible Workflow systems: The ability to bypass authentication by using a user-controlled key allows unauthorized users to gain unauthorized access to protected information.

Vulnerability of tools for automating business processes in SAP: SAP Business Workflow and SAP Flexible Workflow involve bypassing authentication by using a user-controlled key. Exploiting this vulnerability can allow an intruder operating remotely to gain unauthorized access to protected...

6.8 CVSS · 5.5 AI score · 0.00324 EPSS
Exploits 0 · References 2
OSV
added 2025/01/21 9:15 p.m. · 2 views

CVE-2025-21541

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow...

5.4 CVSS · 7.3 AI score · 0.00263 EPSS
Exploits 0 · References 1