In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Discourse
NVD
GitHub
CVSS 3.1
7.5
EPSS
3.1%
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.
Google
RCE
Flatpak
Debian Linux
NVD
GitHub
CVSS 3.1
8.8
EPSS
0.6%