Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
workflow vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2022-39321
GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these d...
Github Runner
9.9
CVSSv3
CVE-2021-32724
check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `schedule`), an attacker can se...
Check-spelling Check-spelling
1 Github repository
9.9
CVSSv3
CVE-2021-32639
Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to cre...
Nsa Emissary
9.9
CVSSv3
CVE-2019-10328
Jenkins Pipeline Remote Loader Plugin 1.4 and previous versions provided a custom whitelist for script security that allowed malicious users to invoke arbitrary methods, bypassing typical sandbox protection.
Jenkins Pipeline Remote Loader
9.9
CVSSv3
CVE-2019-1003030
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and previous versions in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins mas...
Jenkins Pipeline\\ Groovy
Redhat Openshift Container Platform 3.11
1 Github repository
9.8
CVSSv3
CVE-2024-21623
OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "`Analysis - SonarCloud`" workflow is vulnerable to an expression injection in Actions, allowing an malicious user to run commands remotely ...
Mehah Otclient
9.8
CVSSv3
CVE-2023-51664
tj-actions/changed-files is a Github action to retrieve all files and directories. before 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an malicious user to execute arbitrary code and potentially leak secrets. This iss...
Tj-actions Changed-files
9.8
CVSSv3
CVE-2023-38545
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 byte...
Haxx Libcurl
Fedoraproject Fedora 37
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Microsoft Windows 10 22h2
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 11 23h2
Microsoft Windows 10 1809
Microsoft Windows Server 2019
Microsoft Windows Server 2022
Microsoft Windows 10 21h2
9 Github repositories
2 Articles
9.8
CVSSv3
CVE-2023-36419
Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability
Microsoft Azure Hdinsights -
9.8
CVSSv3
CVE-2023-41993
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Apple Macos
Apple Ipados
Apple Iphone Os
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Oracle Jdk 1.8.0
Oracle Jre 1.8.0
Oracle Graalvm 21.3.9
Oracle Graalvm 20.3.13
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Cloud Insights Acquisition Unit -
Netapp Cloud Insights Storage Workload Security Agent -
7 Github repositories
2 Articles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »