Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Plane
NVD
GitHub
CVSS 3.1
7.5
EPSS
0.6%
PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
CSRF
Pnp4Nagios
NVD
GitHub
CVSS 3.1
8.8
EPSS
0.3%