Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
process automation vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-22594
IBM Robotic Process Automation for Cloud Pak 20.12.0 up to and including 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc...
Ibm Robotic Process Automation
Ibm Robotic Process Automation As A Service
Ibm Robotic Process Automation For Cloud Pak
NA
CVE-2022-3782
keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive inf...
Redhat Keycloak 20.0.2
NA
CVE-2022-43573
IBM Robotic Process Automation 20.12 up to and including 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.
Ibm Robotic Process Automation
Ibm Robotic Process Automation As A Service
Ibm Robotic Process Automation For Cloud Pak
NA
CVE-2022-41740
IBM Robotic Process Automation 20.12 up to and including 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.
Ibm Robotic Process Automation
Ibm Robotic Process Automation For Cloud Pak
NA
CVE-2022-43844
IBM Robotic Process Automation for Cloud Pak 20.12 up to and including 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081.
Ibm Robotic Process Automation For Cloud Pak
NA
CVE-2022-46364
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF prior to 3.5.5 and 3.4.10 allows an malicious user to perform SSRF style attacks on webservices that take at least one parameter of any type.
Apache Cxf
NA
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the s...
Golang Go
Golang Http2
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1 Github repository
NA
CVE-2022-41735
IBM Business Process Manager 21.0.1 up to and including 21.0.3.1, 20.0.0.1 up to and including 20.0.0.2 19.0.0.1 up to and including 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the ...
Ibm Business Automation Workflow 22.0.1
Ibm Business Automation Workflow 21.0.3
Ibm Business Automation Workflow 20.0.0.1
Ibm Business Automation Workflow 20.0.0.2
Ibm Business Automation Workflow 21.0.2
Ibm Business Automation Workflow
NA
CVE-2022-2969
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements with...
Deltaww Dialink 1.5.0.0
Deltaww Dialink
NA
CVE-2022-38900
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.
Decode-uri-component Project Decode-uri-component 0.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »