templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Formspree
NVD
GitHub
CVSS 3.0
6.1
EPSS
0.7%
In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Podofo
NVD
CVSS 3.0
5.5
EPSS
1.0%