minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Prototype Pollution
Information Disclosure
Minimist
Leap
NVD
CVSS 3.1
5.6
EPSS
1.9%
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.
Information Disclosure
Ansible
Ansible Tower
Cloudforms Management Engine
Openstack
+2
NVD
GitHub
CVSS 3.1
5.0
EPSS
0.4%