4550 matches found
CVE-2024-47179 RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover.
RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...
RSSHub Input Validation Error Vulnerability
RSSHub is the world's largest RSS network open-sourced by DIYgod, consisting of over 5000 global instances. RSSHub suffers from an input validation error vulnerability that stems from the vulnerability of RSSHub's docker-test-cont.yml workflow to a poisoning attack, which could lead to a takeover...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264
Summary IBM SDK, Java Technology Edition is vulnerable to CVE-2023-38264. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Workflow Management Vulnerability Details Refer to the security bulletins listed...
Unspecified Vulnerability in JetBrains YouTrack (CNVD-2025-16856)
JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. JetBrains YouTrack suffers from a securit...
IBM Business Automation Workflow Input Validation Error Vulnerability (CNVD-2024-46816)
IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines (IBM). The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. An input validation error vulnerability exists in...
CVE-2024-47159
CVE-2024-47159 affects JetBrains YouTrack prior to 2024.3.44799. The public descriptions in multiple sources (including Red Hat’s advisory and vendor references) state that a user lacking appropriate permissions could restore workflows attached to a project, implying an unintended privilege/autho...
CVE-2024-47159
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project...
A Bootiful Podcast: Flowable cofounder and my friend Joram Barrez on workflow, case management, AI, Spring, and so much more
Hi, Spring fans! In this installment I catch up with my friend Joram Barrez, cofounder of Flowable, an amazing and opensource workflow engine, on their latest and greatest, AI, Spring, and so much more. workflow bpmn apache2 springboot java...
Chicheng JFLow Access Control Error Vulnerability
Chicheng JFLow is a workflow engine from China's Chicheng. An access control error vulnerability exists in Chicheng JFLow version 2.0.0, which stems from a parameter oid in file /WF/Ath/EntityMutliFileLoad.do that can lead to improper access control...
CVE-2024-43188
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation...
CVE-2024-43188 IBM Business Automation Workflow improper input validation
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation...
CVE-2024-43188
CVE-2024-43188 affects IBM’s Business Automation Workflow Center and related components. The issue arises from improper client-side input validation, enabling a privileged user to perform unauthorized activities in affected releases. Affected versions include IBM Business Automation Workflow trad...
IBM Business Automation Workflow Security Vulnerability
IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines (IBM). The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. An input validation error vulnerability exists in...
Security Bulletin: Insufficient input validation in IBM Business Automation Workflow Center - CVE-2024-43188
Summary IBM Business Automation Workflow Center is vulnerable because of insufficient user input validation. Vulnerability Details CVEID:CVE-2024-43188 DESCRIPTION: IBM Business Automation Workflow could allow a privileged user to perform unauthorized activities due to improper client side...
arduino-esp32 OS Command Injection Vulnerability
arduino-esp32 is an Espressif open source Arduino core for ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. An operating system command injection vulnerability exists in arduino-esp32 version 26db8cba32e77050f177e8cb0f879614c57bc5f2, which stems from code injection and environment...
CVE-2024-44128
CVE-2024-44128 concerns macOS security where an Automator Quick Action workflow may bypass Gatekeeper. The issue was addressed by adding an additional prompt for user consent and is fixed in macOS updates: Ventura 13.7, Sonoma 14.7, and Sequoia 15. The available connected documents indicate the v...
ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.1.0), ai.driftkit:driftkit-chat-assistant-framework (>=0.5.0 <=0.8.7) +2674 more potentially affected by CVE-2024-38816 via org.springframework:spring-webmvc (>=6.1.0 <=6.1.12)
org.springframework:spring-webmvc MAVEN version =6.1.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =1.12.0, =1.14.0 - ai.yda-framework:rest-spring-channel =0.1.0 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7...