Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.
A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.