CVE

A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.

Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1.

Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0.

Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.

A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely. VDB-235958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.

A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.

Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext.

In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152.