1060 matches found
Eclipse Theia – Website security vulnerabilities
Eclipse Theia - Website is an development environment framework created by the Eclipse Foundation. There is a security vulnerability in Eclipse Theia - Website, which stems from the use of pullrequesttarget triggers in GitHub Actions workflows to execute untrusted code. This vulnerability may lea...
The End of the Road for Cisco Kenna: Take a Measured Path into Exposure Management
Cisco’s announcement that it will sunset Cisco Vulnerability Management Kenna marks a clear inflection point for many security teams. With end-of-sale and end-of-life timelines now defined, and no replacement offering on the roadmap, Kenna customers face an unavoidable decision window. Beyond the...
QGIS security vulnerabilities
QGIS is an open-source geographic information system developed by QGIS. QGIS has a security vulnerability that stems from the GitHub Actions workflow using a pullrequesttarget trigger and executing untrusted pull requests in privileged environments. This can lead to remote code execution and...
GHSA-CV78-6M8Q-PH82 vulnerabilities
Vulnerabilities for packages: argo-workflows, kubeflow-pipelines...
CVE-2026-23960 vulnerabilities
Vulnerabilities for packages: argo-workflows, kubeflow-pipelines...
CVE-2026-23960 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, argo-workflows, argo-workflows-fips...
GHSA-CV78-6M8Q-PH82 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, argo-workflows, argo-workflows-fips...
BIT-ARGO-WORKFLOWS-2026-23960 Argo Workflows affected by stored XSS in the artifact directory listing
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo...
CVE-2026-0771
Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...
Arbitrary Code Injection
Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of Python function components. An attacker can execute arbitrary code by introducing custom Python code into a workflow. Remediati...
CVE-2026-23960
A flaw was found in Argo Workflows, an open-source container-native workflow engine for orchestrating parallel jobs on Kubernetes. This stored Cross-Site Scripting XSS vulnerability in the artifact directory listing allows any workflow author to execute unauthorized JavaScript code in another...
CVE-2026-24001 vulnerabilities
Vulnerabilities for packages: grafana, librechat, langfuse-fips, npm, prism, saf, redisinsight, grafana-fips, tileserver-gl-fips, vitess, actions-runner, renovate, ts-patch, tileserver-gl, langfuse, argo-workflows, graalvm...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of object names in the GetArtifactFile function. An attacker can execute arbitrary JavaScript in another user's browser by crafting malicious workflows that produce an HTML artifact enabling...
CVE-2026-23960
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo...
CVE-2026-23960 Argo Workflows affected by stored XSS in the artifact directory listing
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo...
CVE-2026-23960
CVE-2026-23960 affects Argo Workflows prior to versions 3.6.17 and 3.7.8. A stored XSS vulnerability in the artifact directory listing can cause arbitrary JavaScript to run in another user’s browser within the Argo Server origin, enabling actions with the victim’s privileges. Affected component: ...
CVE-2026-23960 Argo Workflows affected by stored XSS in the artifact directory listing
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo...
CVE-2026-23960 Argo Workflows affected by stored XSS in the artifact directory listing
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo...
CVE-2026-23960
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo...
EUVD-2026-3596
Argo Workflows affected by stored XSS in the artifact directory listing...