NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.

...

Nats-Server Security Vulnerability

Nats-Server is a high performance server for Nats.io, cloud and edge native messaging systems. A security vulnerability exists in Nats-Server versions prior to 2.9.23, and 2.10.x prior to 2.10.2, which stems from the presence of an authentication bypass that allows an attacker to bypass...

PT-2022-3981

Name of the Vulnerable Software and Affected Versions Apache Hadoop versions prior to 2.10.2 Apache Hadoop versions prior to 3.2.4 Apache Hadoop versions prior to 3.3.3 Description The issue is related to the FileUtil.unTarFile, File API in Apache Hadoop, which does not escape the input file name...

PYSEC-2017-148

Cross-site scripting XSS vulnerability in ZMI pages that use the managetabsmessage in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...