Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Authentication Bypass
Node.js
Url Parse
NVD
GitHub
CVSS 3.1
9.1
EPSS
1.8%
In Alluxio before 2.7.3, the logserver does not validate the input stream. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Alluxio
NVD
CVSS 3.1
9.8
EPSS
1.2%