Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Null Pointer Dereference
Denial Of Service
Exiv2
Debian Linux
NVD
GitHub
CVSS 3.1
5.5
EPSS
0.4%
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Zurmo Crm
NVD
CVSS 3.0
5.4
EPSS
0.2%