4485 matches found

Fedora
added 2026/03/31 12:27 a.m. · 4 views

[SECURITY] Fedora 44 Update: stgit-2.5.5-5.fc44

Stacked Git, StGit for short, is an application for managing Git commits as a stack of patches. With a patch stack workflow, multiple patches can be developed concurrently and efficiently, with each patch focused on a single concern, resulting in both a clean Git commit history and improved...

CVSS 6.5 · AI score 5.8 · EPSS 0.00379
Exploits 1
Snyk
added 2026/03/30 5:16 p.m. · 6 views

Improper Control of Dynamically-Managed Code Resources

Overview: @nocobase/plugin-workflow-javascript is a package that executes a piece of JavaScript in an isolated Node.js environment. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the console object passed into the sandbox context, which exposes...

CVSS 9.9 · AI score 6.3 · EPSS 0.07593
Exploits 7 · References 2
The Hacker News
added 2026/03/30 1:00 p.m. · 6 views

3 SOC Process Fixes That Unlock Tier 1 Productivity

What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier ...

AI score 6.2
Exploits 0
Veracode
added 2026/03/28 5:29 a.m. · 3 views

Server-side Template Injection

giskard-agents is vulnerable to server-side template injection. The vulnerability is due to the ChatWorkflow.chat method passing its string argument directly to a non-sandboxed Jinja2 Environment, where the input string is treated as a template by inlineenv.fromstring and an attacker can supply...

CVSS 8.8 · AI score 6.2 · EPSS 0.00611
Exploits 1 · References 2 · Affected Software 1
SUSE CVE
added 2026/03/28 12:25 a.m. · 4 views

SUSE CVE-2026-33344

Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE,...

CVSS 8.1 · AI score 5.8 · EPSS 0.00469
Exploits 1 · References 3
Github Security Blog
added 2026/03/27 10:17 p.m. · 5 views

Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment

Summary: ChatWorkflow.chat(message) passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturall...

CVSS 8.8 · AI score 6.5 · EPSS 0.00611
Exploits 1 · References 3 · Affected Software 1
Snyk
added 2026/03/27 10:17 p.m. · 0 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: giskard-agents is a lightweight library that orchestrates LLM completions and agents in parallel workflows. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the ChatWorkflow.chat function. An attacker can...

CVSS 8.8 · AI score 6.1 · EPSS 0.00611
Exploits 1 · References 2
Debian CVE
added 2026/03/27 9:08 p.m. · 3 views

CVE-2026-33939

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. {{*n}}), the compiled template calls lookupProperty(decorators, "n"), which returns undefined. Th...

CVSS 7.5 · AI score 5.3 · EPSS 0.0053
Exploits 1
CVE
added 2026/03/27 9:08 p.m. · 79 views

CVE-2026-33939

Summary: CVE-2026-33939 affects Handlebars 4.0.0–4.7.8, where a template using decorator syntax referencing an unregistered decorator (e.g. {{*n}}) causes the runtime to call an undefined value as a function, leading to an unhandled TypeError and a potential single-request DoS. The issue is fixed...

CVSS 7.5 · AI score 5.9 · EPSS 0.0053
Exploits 1 · References 3 · Affected Software 1
OSV
added 2026/03/27 7:17 p.m. · 5 views

GHSA-XMGR-9PQC-H5VW act: Unrestricted set-env and add-path command processing enables environment injection

Summary: act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which GitHub Actions disabled in October 2020 (CVE-2020-15228, GHSA-mfwh-5m23-j46w) due to environment injection risks. When a workflow step echoes untrusted data to stdout, an attacker can inject...

CVSS 7.7 · AI score 6.9 · EPSS 0.00619
Exploits 1 · References 6
Snyk
added 2026/03/27 7:17 p.m. · 3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the processing of deprecated workflow commands in untrusted input. An attacker can inject arbitrary environment variables or modify the...

CVSS 9.8 · AI score 6 · EPSS 0.00619
Exploits 1 · References 2
NVD
added 2026/03/27 6:16 p.m. · 4 views

CVE-2025-15617

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits...

CVSS 8.3 · EPSS 0.00387
Exploits 1 · References 2
Snyk
added 2026/03/27 6:06 p.m. · 2 views

Open Redirect

Overview: n8n-nodes-base provides the base nodes of n8n. Affected versions of this package are vulnerable to Open Redirect via the Form Node when an authenticated user with workflow creation or modification permissions configures an unsanitized HTML description field or leverages an overly permissive ifram...

CVSS 5.9 · AI score 6
Exploits 0 · References 3
Github Security Blog
added 2026/03/27 6:05 p.m. · 11 views

n8n has a Stored XSS Vulnerability in its Form Trigger

Impact: An authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting (XSS) payload. The injected script executes persistently for every visitor of the published form, enabling form submission...

AI score 5.9
Exploits 0 · References 2 · Affected Software 1
CVE
added 2026/03/27 6:04 p.m. · 16 views

CVE-2025-15617

CVE-2025-15617 concerns Wazuh v4.12.0, where a vulnerability in GitHub Actions workflow artifacts allows extraction of the GITHUB_TOKEN from uploaded artifacts. This exposed token, obtainable within a limited time window, could enable attackers to perform unauthorized actions such as pushing mali...

CVSS 8.3 · AI score 5.9 · EPSS 0.00387
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2026/03/27 6:04 p.m. · 23 views

CVE-2025-15617 Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits...

CVSS 8.3 · EPSS 0.00387
Exploits 1 · References 2
ATTACKERKB
added 2026/03/27 6:04 p.m. · 3 views

CVE-2025-15617

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits...

CVSS 8.3 · AI score 5.9 · EPSS 0.00387
Exploits 1 · References 3 · Affected Software 1
IBM Security Bulletins
added 2026/03/27 8:58 a.m. · 12 views

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow (traditional and containers) March 2026

Summary: In addition to updating many operating system level packages on container images, IBM Business Automation Workflow fixes address the following vulnerabilities. Vulnerability Details: CVEID: CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special...

CVSS 8.8 · AI score 7.2 · EPSS 0.01495
Exploits 7 · Affected Software 2
Positive Technologies
added 2026/03/27 12:00 a.m. · 1 view

PT-2026-28603

Summary: ChatWorkflow.chat(message) passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturall...

CVSS 7.7 · AI score 6.5 · EPSS 0.00611
Exploits 1 · References 5
Positive Technologies
added 2026/03/27 12:00 a.m. · 3 views

PT-2026-28280

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commit...

CVSS 8.3 · AI score 5.9 · EPSS 0.00387
Exploits 1 · References 6