Page 97 of 10658 results (0.169 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level. • https://gitlab.com/gitlab-org/gitlab/-/issues/458501 https://hackerone.com/reports/2475135 • CWE-284: Improper Access Control •

CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0

An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export. • https://gitlab.com/gitlab-org/gitlab/-/issues/437894 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. • https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294727 https://www.ibm.com/support/pages/node/7159173 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

These missing checks may result in information disclosure or remote code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html • CWE-862: Missing Authorization •