An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
Information Disclosure
Bash
Hci Management Node
Oncommand Unified Manager
Solidfire
+1
NVD
GitHub
CVSS 3.1
7.8
EPSS
2.6%
A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
Path Traversal
Rconfig
NVD
GitHub
CVSS 3.1
7.5
EPSS
1.5%