Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a permissive API. An attacker can retrieve unauthorized workflow definitions by specifying their names through crafted API requests. Remediation Upgrade...
Description of the security update for SharePoint Server 2019 Language Pack: September 09, 2025 (KB5002774)
Description of the security update for SharePoint Server 2019 Language Pack: September 09, 2025 KB5002774 Summary Important: Prior to installing this Cumulative Update, if you're running the 2013 Style Workflows, you must install the August 2025 patch for SharePoint Workflow manager to you...
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it's knowing which risks matter most right now. That's what this digest is here for: a clear, simple...
Securing and governing the rise of autonomous agents
In this blog, you will hear directly from Corporate Vice President and Deputy Chief Information Security Officer CISO for Identity, Igor Sakhnov, about how to secure and govern autonomous agents. This blog is part of a new ongoing series where our Deputy CISOs share their thoughts on what is most...
CVE-2025-55526
n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py...
CVE-2025-55526
CVE-2025-55526 affects the n8n-workflows project. A directory traversal flaw exists in the download_workflow function inside api_server.py, allowing access to files outside the intended directory. The CVSSv3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N yields a base score of 9.1 (CRITICA...
github-workflows security vulnerability
github-workflows is a shared reusable workflow for GitHub Actions for Kartverket individual developers. A security vulnerability exists in github-workflows that stems from a directory traversal in the download_workflow function in api_server.py...
PT-2025-34765 · Unknown · N8N-Workflows
Name of the Vulnerable Software and Affected Versions: n8n-workflows, affected versions not specified. Description: The software contains a directory traversal flaw within the download_workflow function located in the api_server.py file. This allows attackers to potentially access and manipulate...
GHSA-23W4-RPC6-WPCC Liferay Portal ReDoS with Role Name search in KaleoDesignerPortlet
Self-ReDoS Regular expression Denial of Service exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20...
CVE-2025-43764
Self-ReDoS Regular expression Denial of Service exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20...
CVE-2025-43764
CVE-2025-43764 describes a Self-ReDoS issue in Liferay Portal/DXP where the Role Name search field in Kaleo Designer Web portlet can be abused by an authenticated user with update permissions to submit a pathological regular expression, causing the browser to hang. Affected are Liferay Portal 7.4...
PT-2025-34518 · Liferay · Liferay Portal +2
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.131 Liferay DXP versions 2024.Q1.1 through 2024.Q1.20 Liferay DXP versions 2024.Q2.1 through 2024.Q2.13 Liferay DXP versions 2024.Q3.0 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...
Automation Is Redefining Pentest Delivery
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace. Most organizations still rely on traditional reporting methods—static PDFs, emailed...
GHSA-X6GV-2RVH-QMP6 m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials
Summary The steam-workshop-deploy github action does not exclude the .git directory when packaging content for deployment and provides no built-in way to do so. If a .git folder exists in the target directory e.g., due to a local Git repo, custom project structure, or via the actions/checkout...