Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

ServiceNow — Vulnerabilities & Security Advisories 21

Browse all 21 CVE security advisories affecting ServiceNow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products ServiceNow:Now PlatformServiceNow AI PlatformJenkins plug-in for ServiceNow DevOpsServiceNowServiceNow RecordsNow User ExperienceNow Assist AI Agents
CVE IDTitleCVSSSeverityPaused
CVE-2026-0542 Remote Code Execution in ServiceNow AI Platform — ServiceNow AI PlatformCWE-653 9.8AICriticalAI2026-02-25
CVE-2025-12420 Unauthenticated Privilege Escalation in ServiceNow AI Platform — Now Assist AI AgentsCWE-250 9.8AICriticalAI2026-01-12
CVE-2025-11449 Reflected Cross Site Scripting in ServiceNow AI Platform — ServiceNow AI PlatformCWE-79 6.1AIMediumAI2025-10-10
CVE-2025-11450 Reflected Cross Site Scripting in ServiceNow AI Platform — ServiceNow AI PlatformCWE-79 6.1AIMediumAI2025-10-10
CVE-2025-3089 Broken Access Control in ServiceNow AI Platform — ServiceNow AI PlatformCWE-639 6.5AIMediumAI2025-08-12
CVE-2025-3648 Data Inference in Now Platform via Conditional ACLs — Now PlatformCWE-1220 5.3AIMediumAI2025-07-08
CVE-2025-0337 Authorization bypass in Now Platform — Now PlatformCWE-639 6.5 Medium2025-03-06
CVE-2024-5890 HTML Injection in the Assessment plugin — Now PlatformCWE-79 4.3 Medium2024-12-02
CVE-2024-8924 Unauthenticated Blind SQL Injection in Core Platform — Now PlatformCWE-89 7.5 High2024-10-29
CVE-2024-8923 Sandbox Escape in Now Platform — Now PlatformCWE-94 9.8 Critical2024-10-29
CVE-2024-5217 Incomplete Input Validation in GlideExpression Script — Now PlatformCWE-184 9.8 Critical2024-07-10
CVE-2024-5178 Incomplete Input Validation in SecurelyAccess API — Now PlatformCWE-184 4.9 Medium2024-07-10
CVE-2024-4879 Jelly Template Injection Vulnerability in ServiceNow UI Macros — Now PlatformCWE-1287 9.8 Critical2024-07-10
CVE-2023-3442 Missing Authorization in Jenkins plug-in for ServiceNow DevOps — Jenkins plug-in for ServiceNow DevOpsCWE-862 7.7 High2023-07-26
CVE-2023-3414 Cross-Site Request Forgery (CSRF) in Jenkins Plug-in for ServiceNow DevOps — Jenkins plug-in for ServiceNow DevOpsCWE-352 6.1 Medium2023-07-26
CVE-2023-1298 ServiceNow 跨站脚本漏洞 — Now User ExperienceCWE-79 4.3 Medium2023-07-06
CVE-2022-43684 ACL bypass in Reporting functionality — Now PlatformCWE-200 9.9 Critical2023-06-13
CVE-2023-1209 ServiceNow 跨站脚本漏洞 — ServiceNow RecordsCWE-79 4.3 Medium2023-05-23
CVE-2022-46389 Cross-Site Scripting (XSS) vulnerability found on logout functionality — Now PlatformCWE-79 6.1 Medium2023-04-17
CVE-2022-46886 ServiceNow 输入验证错误漏洞 — ServiceNow 5.5 Medium2023-04-14
CVE-2022-39048 Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect — Now Platform 6.1 Medium2023-04-10

This page lists every published CVE security advisory associated with ServiceNow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.