phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
Code Injection
Phpmyadmin
NVD
GitHub
CVSS 3.0
3.7
EPSS
0.2%
IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary. Rated low severity (CVSS 2.5). No vendor patch available.
IBM
Information Disclosure
Tivoli Storage Manager
NVD
CVSS 3.0
2.5
EPSS
0.1%