1063 matches found
MAL-2025-48589 Malicious code in workflows-enterprise (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b771d1114b155b3dc1b86df3009f418d2291384328cfa8c9f0b0d35e7808b19 Any computer that has this package installed or running should be considered...
Harden your identity defense with improved protection, deeper correlation, and richer context
In today’s digital-first enterprise, identities have become the new corporate security perimeter. Hybrid work and cloud-first strategies have dissolved traditional network boundaries and dramatically increased the complexity of identity fabrics. Security teams are left managing a constellation of...
Devolutions Server 安全漏洞
Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. An unauthorized access vulnerability exists in Devolutions Server that stems from improper...
BIT-ARGO-WORKFLOWS-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
BIT-ARGO-WORKFLOWS-2025-62156 argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...
CVE-2025-62156
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...
CVE-2025-62157
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
MCPTotal Launches to Power Secure Enterprise MCP Workflows
New York, USA, New York, 15th October 2025, CyberNewsWire...
EUVD-2025-34250
Argo Workflow may expose artifact repository credentials...
EUVD-2025-34251
Argo Workflow has a Zipslip Vulnerability...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to workflow-controller logging configuration with credentials in plaintext. An attacker can access sensitive credentials by reading pod logs if they have permissions to view logs in the affected...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the unpack function during the artifact extraction due to the lack of header.Name validation in the said function. An attacker can create or overwrite arbitrary files within system directories by supplying a...
CVE-2025-62157
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
CVE-2025-62156
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...
CVE-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
CVE-2025-62157
CVE-2025-62157 affects Argo Workflows. Vulnerable in versions prior to 3.6.12 and 3.7.0–3.7.2, where artifact repository credentials are exposed in plaintext in workflow-controller logs. An attacker with pod-log access in a namespace running Argo Workflows can read these credentials. Remediation:...
CVE-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
CVE-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
CVE-2025-62156 argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...
CVE-2025-62156
Argo Workflows (versions