Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Node.js
Command Injection
Whereis
NVD
CVSS 3.0
9.8
EPSS
2.8%
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Information Disclosure
Use After Free
Pbc
NVD
GitHub
CVSS 3.0
9.8
EPSS
1.6%