pgAdmin < 6.17 - Unauthenticated Remote Code Execution

pgAdmin prior to 6.17 contains an insecure HTTP API caused by improper access control, letting unauthenticated users execute arbitrary external utilities via path manipulation, exploit requires no authentication. id: CVE-2022-4223 info: name: pgAdmin 6.17 - Unauthenticated Remote Code Execution...

Apache ActiveMQ 6.x < 6.1.2 Insecure Web API Vulnerability

The version of Apache ActiveMQ running on the remote host is 6.x prior to 6.1.2. It is, therefore, affected by an insecure the API web that a attacker can use without any required authentication. Note that Nessus has not tested for this issue but has instead relied only on the application's...