31 matches found

NVD
added yesterday · 1 view

CVE-2026-7888

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

8.4 CVSS
Exploits 0 · References 1
EUVD
added yesterday · 4 views

EUVD-2026-34164

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

8.4 CVSS · 5.9 AI score
Exploits 0 · References 1
ATTACKERKB
added yesterday · 1 view

CVE-2026-7888

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

8.4 CVSS · 5.9 AI score
Exploits 0 · References 2 · Affected Software 1
CVE
added yesterday · 3 views

CVE-2026-7888

CVE-2026-7888 affects Concrete CMS versions below 9.5.2. The vulnerability arises from PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that do not enforce allowed_classes. An unauthenticated attacker could trigger arbitrary PHP object instantiatio...

8.4 CVSS · 5.9 AI score
Exploits 0 · References 1
Vulnrichment
added yesterday · 3 views

CVE-2026-7888 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction.

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

8.4 CVSS · 5.9 AI score
Exploits 0 · References 1
Positive Technologies
added yesterday · 3 views

PT-2026-46047

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowed classes restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has bee...

8.4 CVSS · 5.9 AI score
Exploits 0 · References 2
CNNVD
added 2026/04/21 12:0 a.m. · 3 views

Oracle User Management Security Vulnerability

Oracle User Management is a user management system developed by Oracle, a company in the United States. There are security vulnerabilities in versions 12.2.7 to 12.2.15 of Oracle User Management. These vulnerabilities stem from issues with the Workflow and Business Events component. They may allo...

3.8 CVSS · 7.3 AI score · 0.00031 EPSS
Exploits 0 · References 2
CNVD
added 2025/12/15 12:0 a.m. · 0 views

NVIDIA NVTabular Deserialization Vulnerability

NVIDIA NVTabular is a component of a deep learning recommender system framework from NVIDIA, USA. A deserialization vulnerability exists in NVIDIA NVTabular, which arises from unsafe deserialization of serialized data received from users by the Workflow component and can be exploited by an attack...

8.8 CVSS · 6 AI score · 0.00109 EPSS
Exploits 0 · References 1
EUVD
added 2025/12/09 5:49 p.m. · 3 views

EUVD-2025-202257

NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

8.8 CVSS · 6.5 AI score · 0.00109 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-10707

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.0024 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-37060

Malicious code in bioql PyPI...

9 CVSS · 6.3 AI score · 0.04275 EPSS
Exploits 0 · References 3
NVD
added 2025/08/19 6:15 p.m. · 4 views

CVE-2025-8450

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

8.2 CVSS · 0.00237 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/08/19 6:1 p.m. · 2 views

CVE-2025-8450 Unrestricted File Upload in FileCatalyst

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

8.2 CVSS · 7.3 AI score · 0.00237 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/19 12:0 a.m. · 3 views

PT-2025-33838 · Fortra · Fortra Filecatalyst

Name of the Vulnerable Software and Affected Versions: Fortra FileCatalyst versions affected versions not specified. Description: An improper access control issue exists in the Workflow component of Fortra FileCatalyst. This allows unauthenticated users to upload arbitrary files via the order form...

8.2 CVSS · 7.1 AI score · 0.00237 EPSS
Exploits 0 · References 6
RedhatCVE
added 2025/05/22 4:25 p.m. · 4 views

CVE-2020-15823

JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component...

7.5 CVSS · 6.8 AI score · 0.00003 EPSS
Exploits 0
Snyk
added 2024/10/22 6:32 p.m. · 1 view

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the workflow component. An attacker can gain unauthorized access to modify workflow definitions and execute arbitrary code by exploiting insufficient permission checks via the headless API. Remediation: Upgrade...

9.4 CVSS · 7.9 AI score · 0.04275 EPSS
Exploits 0 · References 2
Github Security Blog
added 2024/10/22 6:32 p.m. · 3 views

Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote...

9 CVSS · 7.4 AI score · 0.04275 EPSS
Exploits 0 · References 3 · Affected Software 2
Snyk
added 2024/10/22 6:32 p.m. · 1 view

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the workflow component. An attacker can gain unauthorized access to modify workflow definitions and execute arbitrary code by exploiting insufficient permission checks via the headless API. Remediation: Upgrade...

9.4 CVSS · 7.9 AI score · 0.04275 EPSS
Exploits 0 · References 2
Snyk
added 2024/10/22 6:32 p.m. · 1 view

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the workflow component. An attacker can gain unauthorized access to modify workflow definitions and execute arbitrary code by exploiting insufficient permission checks via the headless API. Remediation: Upgrade...

9.4 CVSS · 7.9 AI score · 0.04275 EPSS
Exploits 0 · References 2
OSV
added 2024/10/22 6:32 p.m. · 2 views

GHSA-3MFQ-FP2F-VWQH Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote...

9 CVSS · 7.4 AI score · 0.04275 EPSS
Exploits 0 · References 3