Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization
RCE
Adobe
Connect
NVD
CVSS 3.0
9.8
EPSS
3.4%
The shell-quote package before 1.7.3 for Node.js allows command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft
Node.js
Command Injection
Shell Quote
NVD
GitHub
CVSS 3.1
9.8
EPSS
4.3%