EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Information Disclosure
Em Http Request
Fedora
NVD
GitHub
CVSS 3.1
7.4
EPSS
0.9%
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
CSRF
Image Resizer
NVD
GitHub
CVSS 3.1
8.8
EPSS
0.5%