NVD-CWE-noinfo

Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.

ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter.

A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.

A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.

In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration’s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.