In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Privilege Escalation
Patrol
NVD
CVSS 3.0
7.8
EPSS
0.1%
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Authentication Bypass
B2Evolution
NVD
GitHub
CVSS 3.0
7.5
EPSS
0.8%