An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Deserialization
Node.js
RCE
Serialize To Js
NVD
GitHub
CVSS 3.0
9.8
EPSS
1.7%
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Integer Overflow
Buffer Overflow
Vim
NVD
GitHub
CVSS 3.0
9.8
EPSS
0.8%