Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.