Apache OFBiz has unsafe deserialization prior to 17.12.06. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Deserialization
Apache
Ofbiz
NVD
CVSS 3.1
9.8
EPSS
97.8%
git-bug before 0.7.2 has an Uncontrolled Search Path Element. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Git Bug
NVD
GitHub
CVSS 3.1
9.8
EPSS
1.7%