An issue was discovered in UsualToolCMS 8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
CSRF
Usualtoolcms
NVD
GitHub
CVSS 3.0
8.8
EPSS
0.5%
Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Concourse
NVD
CVSS 3.0
7.5
EPSS
0.6%