CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.
Nas326_firmware, Nas326, Uag2100_firmware, Uag2100, Uag4100_firmware, Uag4100, Uag5100_firmware, Uag5100, Usg110_firmware, Usg110
2022-06-06
N/A
6.1 MEDIUM
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
Under certain LDAP conditions, Cacti authentication can be bypassed with certain credential types.
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.
Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.