An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Cdr
NVD
CVSS 3.1
9.8
EPSS
1.7%
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Foris
NVD
CVSS 3.1
9.8
EPSS
1.6%