CVE-2025-0058

In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the...

CVE-2025-0058

In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the...

CVE-2025-0058 Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow

In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the...

CVE-2025-0058 Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow

In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the...

CVE-2025-0058

SAP Business Workflow and SAP Flexible Workflow are affected by CVE-2025-0058. An authenticated attacker can manipulate a parameter in a legitimate resource request to view sensitive information that should be restricted, without modifying the information or causing unavailability. The report cit...

PT-2025-1045 · Microsoft · Windows Printworkflowusersvc +1

Name of the Vulnerable Software and Affected Versions: Windows PrintWorkflowUserSvc affected versions not specified Description: The issue is related to an elevation-of-privilege vulnerability in the Windows PrintWorkflowUserSvc service. This vulnerability is caused by insufficient input...

PT-2025-1042 · Microsoft · Windows Printworkflowusersvc +1

Name of the Vulnerable Software and Affected Versions: Windows PrintWorkflowUserSvc affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in the Windows PrintWorkflowUserSvc service, which is caused by insufficient input validation. This...

WordPress plugin Email Subscribers by Icegram Express 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the WordPress plugin...

SAP Business Workflow和SAP Flexible Workflow 安全漏洞

SAP Business Workflow and SAP Flexible Workflow are both products of SAP, Germany.SAP Business Workflow is a key component for executing business processes that allows users to design, implement, and manage business processes, ensure process compliance, and reduce the need for manual operations...

This Week in Spring - January 7th, 2025

Hi, Spring fans, and happy new year! It's been another super seven days since we last spoke and, as always, there's a lot to cover so let's dive right into it! A long time in coming, but it's finally here! Hello DCO, Goodbye CLA: Simplifying Contributions to Spring the Spring AI hits just keep on...

GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability

...

Maximizing Productivity with Online Document Solutions

Many professionals juggle multiple document formats, leading to confusion and wasted time. Imagine a streamlined process that simplifies…...

Sensitive Information Exposure

github.com/argoproj/argo-workflows/v3 is vulnerable to a Sensitive Information Exposure. The vulnerability is due to the absence of proper authentication checks in the GET Workflow endpoint when retrieving Archived Workflows. Specifically, when using --auth-mode=client, fake or spoofed tokens can...

Directory Traversal

The github.com/cli/cli is vulnerable to a Directory Traversal. The vulnerability is due to improper handling of artifact names during download when using the gh run download command. Specifically, if a malicious GitHub Actions workflow artifact is named .., the files within the artifact are...

CVE-2024-49097

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability...

CVE-2024-49095 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

...

PT-2024-9441 · Microsoft · Windows Printworkflowusersvc +1

Name of the Vulnerable Software and Affected Versions: Windows PrintWorkflowUserSvc affected versions not specified Description: The issue is related to the use of memory after it has been freed in the Windows PrintWorkflowUserSvc service, which can allow an attacker to elevate their privileges...

The vulnerability of the module that summarizes the Workflow framework for scanning vulnerabilities in Osmedeus, allowing attackers to perform cross-site scripting attacks

The vulnerability of the Workflow framework’s module summary component is related to the failure to remove specific elements from web pages when generating reports based on the general-template.md template. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...

Image Preparation fails using MCS on GCP due to Google's deprecated images disk export workflow

Symptoms or Error Customers cannot create new catalogs or update the images of existing catalogs. Solution Citrix is currently working on a fix. Workaround: Customers can update the json files to use a newer image and script.Below is the step-by-step process. There are 2 options to update the...

CVE-2024-54675

app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow...