
1063 matches found

Veracode
added 2025/12/02 9:47 a.m. | 4 views

Directory Traversal

github.com/argoproj/argo-workflows is vulnerable to Directory Traversal. The vulnerability is due to improper validation of archive entry paths during artifact extraction, which allows an attacker to craft malicious archive files that write arbitrary files outside the intended extraction director...

8.8 CVSS | 7.2 AI score | 0.00539 EPSS
Exploits: 1 | References: 5 | Affected Software: 2
Packet Storm News
added 2025/12/01 12:0 a.m. | 4 views

Behind the Curtain: How Shared Hosting Providers Respond to Vulnerability Notifications

Large-scale vulnerability notifications (VNs) can help hosting provider organizations (HPOs) identify and remediate security vulnerabilities that attackers can exploit in data breaches or phishing campaigns. Previous VN studies have primarily focused on factors under the control of reporters, such as...

7 AI score
Exploits: 0
Cvelist
added 2025/11/29 2:24 a.m. | 7 views

CVE-2025-53896 Kiteworks MFT is vulnerable to Insufficient Session Expiration

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0...

7.1 CVSS | 0.00164 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/26 11:52 p.m. | 18 views

CVE-2025-65956

Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

6.5 CVSS | 6.2 AI score | 0.00167 EPSS
Exploits: 1 | References: 1
Cvelist
added 2025/11/25 11:20 p.m. | 11 views

CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags

Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

6.5 CVSS | 0.00167 EPSS
Exploits: 1 | References: 3
Microsoft Secure
added 2025/11/25 5:0 p.m. | 5 views

Charting the future of SOC: Human and AI collaboration for better security

Security operations centers are under pressure from unprecedented scale and complexity. Speed, precision, and consistency matter more than ever, and AI is everywhere—but hype alone doesn’t solve the challenge. This blog shares our journey and insights from building autonomous AI agents for MDR...

7 AI score
Exploits: 0
OSV
added 2025/11/24 10:13 p.m. | 3 views

GHSA-7J46-F57W-76PJ Formwork CMS has Stored Cross-Site Scripting Vulnerability in Blog Tags

Summary: Inserting unsanitized data into the blog tag field in Formwork CMS results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. Because the issue is...

6.5 CVSS | 5.6 AI score | 0.00167 EPSS
Exploits: 1 | References: 5
CNNVD
added 2025/11/16 12:0 a.m. | 3 views

Bdtask Isshue - Multi Store eCommerce Shopping Cart Solution Security Vulnerability

Bdtask Isshue – Multi Store eCommerce Shopping Cart Solution is an e-commerce shopping cart system developed by the Bangladeshi company Bdtask. Version 5 of Bdtask Isshue – Multi Store eCommerce Shopping Cart Solution contains a security vulnerability. This vulnerability arises from incorrect...

7.5 CVSS | 5.9 AI score | 0.0027 EPSS
Exploits: 1 | References: 4
Fedora
added 2025/11/14 1:28 a.m. | 5 views

[SECURITY] Fedora 43 Update: gh-2.83.0-1.fc43

A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform various actions right from the command line, eliminating the need to...

7.5 CVSS | 7.1 AI score | 0.00573 EPSS
Exploits: 0
Packet Storm News
added 2025/11/13 12:0 a.m. | 5 views

An In-Depth Systematic Analysis of the Security, Usability, and Automation Capabilities of Password Update Processes on Top-Ranked Websites

Password updates are a critical account security measure and an essential part of the password lifecycle. Service providers and common security recommendations advise users to update their passwords in response to incidents or as a critical cyber hygiene measure. However, password update processe...

7.3 AI score
Exploits: 0
FreeBSD
added 2025/11/12 12:0 a.m. | 9 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site scripting issue in k8s proxy impacts GitLab CE/EE; Incorrect Authorization issue in workflows impacts GitLab EE; Information Disclosure issue in GraphQL subscriptions impacts GitLab CE/EE; Information Disclosure issue in access control impacts GitLab CE/EE; Prompt Injection...

7.7 CVSS | 6.7 AI score | 0.00367 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/11/10 12:0 a.m. | 5 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability in GitHub Enterprise Server versions prior t...

9.6 CVSS | 6.1 AI score | 0.00551 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2025/11/10 12:0 a.m. | 4 views

PT-2025-46218

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.18.1; GitHub Enterprise Server versions prior to 3.17.7; GitHub Enterprise Server versions prior to 3.16.10; GitHub Enterprise Server versions prior to 3.15.14; GitHub Enterprise Server versions prior t...

8.6 CVSS | 6.1 AI score | 0.00551 EPSS
Exploits: 0 | References: 10
SUSE CVE
added 2025/11/09 12:23 a.m. | 2 views

SUSE CVE-2025-62156

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...

8.8 CVSS | 7.2 AI score | 0.00539 EPSS
Exploits: 1 | References: 2
SUSE CVE
added 2025/11/09 12:23 a.m. | 4 views

SUSE CVE-2025-62157

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...

6.5 CVSS | 6.7 AI score | 0.00441 EPSS
Exploits: 0 | References: 2
hivepro
added 2025/11/06 7:13 p.m. | 2 views

The 7 Best Continuous Threat Exposure Management Tools

If your security team is drowning in a sea of "critical" alerts from your vulnerability scanner, you know the feeling of being busy without being effective. You spend all your time triaging and patching, but you never feel like you're actually ahead of the attackers. This is the core problem that...

6.9 AI score
Exploits: 0
CNVD
added 2025/10/31 12:0 a.m. | 3 views

Devolutions Server Unauthorized Access Vulnerability

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. An unauthorized access vulnerability exists in Devolutions Server that stems from improper...

9 CVSS | 6.3 AI score | 0.00272 EPSS
Exploits: 0 | References: 1
Snyk
added 2025/10/30 5:4 p.m. | 2 views

Unsafe Dependency Resolution

Amendment: This issue was found to be a duplicate. The original vulnerability with details can be found here. Credit: Assaf Levkovich...

8.8 CVSS | 7.7 AI score | 0.00728 EPSS
Exploits: 3 | References: 2
EUVD
added 2025/10/24 2:13 a.m. | 1 views

EUVD-2025-35752

Malicious code in workflows-enterprise npm...

6.6 AI score
Exploits: 0 | References: 1
Snyk
added 2025/10/24 2:13 a.m. | 1 views

Malicious Package

Overview: workflows-enterprise is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2