An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Authentication Bypass
Enterprise Server
NVD
GitHub
CVSS 3.1
9.8
EPSS
1.2%
An issue was discovered in Concrete CMS through 8.5.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization
PHP
Concrete Cms
NVD
CVSS 3.1
9.1
EPSS
1.3%