57 matches found

Qualys Blog
added 2026/04/09 4:10 p.m., 16 views

Scaling Modern AppSec: Moving from Static Profiles to AI-Powered Scan Optimization

Key Highlights The Scale Challenge: As application portfolios grow and release cycles accelerate, traditional scanning models create a forced trade-off between coverage, cost, and velocity – leading to silent gaps that only surface during audits or incidents. The AI Solution: AI-powered scan...

AI score: 5.8
Exploits: 0

OSV
added 2026/01/12 10:16 p.m., 3 views

CVE-2025-12420

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

CVSS: 9.8, AI score: 5.7, EPSS: 0.1737
Exploits: 0, References: 1

Vulnrichment
added 2026/01/12 9:29 p.m., 4 views

CVE-2025-12420 Unauthenticated Privilege Escalation in ServiceNow AI Platform

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

CVSS: 10, AI score: 6.6, EPSS: 0.1737
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:56 a.m., 4 views

CVE-2022-38463

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality...

CVSS: 6.1, AI score: 6.3, EPSS: 0.02173
Exploits: 0, References: 1

RedhatCVE
added 2025/10/23 4:12 p.m., 4 views

CVE-2025-62607

Nautobot Single Source of Truth SSoT is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name e.g. companyname.service-now.com. This is considered low-value information. This does not expose the Secret, the...

CVSS: 5.3, AI score: 6.9, EPSS: 0.00268
Exploits: 0, References: 1

NVD
added 2025/10/22 4:15 p.m., 5 views

CVE-2025-62607

Nautobot Single Source of Truth SSoT is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name e.g. companyname.service-now.com. This is considered low-value information. This does not expose the Secret, the...

CVSS: 5.3, EPSS: 0.00268
Exploits: 0, References: 3

EUVD
added 2025/10/22 3:40 p.m., 4 views

EUVD-2025-35304

Nautobot Single Source of Truth SSoT is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name e.g. companyname.service-now.com. This is considered low-value information. This does not expose the Secret, the...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00268
Exploits: 0, References: 5

Snyk
added 2025/10/21 9:46 p.m., 2 views

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview nautobot-ssot is a Nautobot Single Source of Truth Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory by placing the Service Now public instance name e.g. companyname.service-now.com in a generic django view...

CVSS: 6.9, AI score: 7.1, EPSS: 0.00268
Exploits: 0, References: 2

Github Security Blog
added 2025/10/21 9:46 p.m., 8 views

Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL

The servicenow config URL is using a generic django View with no authentication. URL: /plugins/ssot/servicenow/config/ Impact What kind of vulnerability is it? Who is impacted? An Unauthenticated attacker could access this page to view the Service Now public instance name e.g...

CVSS: 5.3, AI score: 7, EPSS: 0.00268
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/10/21 9:46 p.m., 3 views

GHSA-535G-62R7-CX6V Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL

The servicenow config URL is using a generic django View with no authentication. URL: /plugins/ssot/servicenow/config/ Impact What kind of vulnerability is it? Who is impacted? An Unauthenticated attacker could access this page to view the Service Now public instance name e.g...

CVSS: 5.3, AI score: 7, EPSS: 0.00268
Exploits: 0, References: 5

RedhatCVE
added 2025/10/11 1:23 a.m., 4 views

CVE-2025-11450

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00323
Exploits: 0, References: 1

NVD
added 2025/10/10 2:15 a.m., 2 views

CVE-2025-11450

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...

CVSS: 5.3, EPSS: 0.00323
Exploits: 0, References: 1

NVD
added 2025/10/10 2:15 a.m., 2 views

CVE-2025-11449

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...

CVSS: 5.3, EPSS: 0.00323
Exploits: 0, References: 1

CVE
added 2025/10/10 1:15 a.m., 16 views

CVE-2025-11449

The CVE-2025-11449 entry describes a reflected cross-site scripting vulnerability in the ServiceNow AI Platform. The flaw could allow arbitrary code execution in a user’s browser when a person clicks a specially crafted link. Documentation consistently states that ServiceNow has deployed security...

CVSS: 5.3, AI score: 6.4, EPSS: 0.00323
Exploits: 0, References: 1

Cvelist
added 2025/10/10 1:15 a.m., 7 views

CVE-2025-11449 Reflected Cross Site Scripting in ServiceNow AI Platform

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...

CVSS: 5.3, EPSS: 0.00323
Exploits: 0, References: 1

Vulnrichment
added 2025/10/10 1:15 a.m., 2 views

CVE-2025-11449 Reflected Cross Site Scripting in ServiceNow AI Platform

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...

CVSS: 5.3, AI score: 6.4, EPSS: 0.00323
Exploits: 0, References: 1

Cvelist
added 2025/10/10 1:9 a.m., 8 views

CVE-2025-11450 Reflected Cross Site Scripting in ServiceNow AI Platform

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...

CVSS: 5.3, EPSS: 0.00323
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2019-0839

Malware in sbrugna...

CVSS: 7.8, AI score: 6.8, EPSS: 0.00443
Exploits: 0, References: 4

Cvelist
added 2025/08/12 4:6 p.m., 6 views

CVE-2025-3089 Broken Access Control in ServiceNow AI Platform

ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform a limited set of actions typically reserved for higher privileged users, potentially leading...

CVSS: 5.3, EPSS: 0.0042
Exploits: 0, References: 1

Packet Storm
added 2025/08/12 12:0 a.m., 137 views

📄 ServiceNow Input Validation / Template Injection

The ServiceNow Platform contains an input validation vulnerability that allows unauthenticated remote code execution. The vulnerability affects Vancouver, Washington DC, and Utah releases of the Now Platform. !/usr/bin/env python3 """ Title : ServiceNow Multiple Versions - Input Validation &...

CVSS: 9.8, AI score: 8.3, EPSS: 0.99976
Exploits: 8